Executing untrusted code

Posted by MainMa on Stack Overflow See other posts from Stack Overflow or by MainMa
Published on 2010-03-13T12:51:41Z Indexed on 2010/03/13 12:55 UTC
Read the original article Hit count: 263

Filed under:

plugins

|

appdomain

|

permissionset

|

serialization

Hi,

I'm building a C# application which uses plug-ins. The application must guarantee to the user that plug-ins will not do whatever they want on the user machine, and will have less privileges that the application itself (for example, the application can access its own log files, whereas plug-ins cannot).

I considered three alternatives.

Using System.AddIn. I tried this alternative first, because it seamed much powerful, but I'm really disappointed by the need of modifying the same code seven times in seven different projects each time I want to modify something. Besides, there is a huge number of problems to solve even for a simple Hello World application.
Using System.Activator.CreateInstance(assemblyName, typeName). This is what I used in the preceding version of the application. I can't use it nevermore, because it does not provide a way to restrict permissions.
Using System.Activator.CreateInstance(AppDomain domain, [...]). That's what I'm trying to implement now, but it seems that the only way to do that is to pass through ObjectHandle, which requires serialization for every used class. Although plug-ins contain WPF UserControls, which are not serializable.

So is there a way to create plug-ins containing UserControls or other non serializable objects and to execute those plug-ins with a custom PermissionSet ?

© Stack Overflow or respective owner

Related posts about plugins

Error deploying Spring application to Jboss due to ClassCastException

as seen on Server Fault - Search for 'Server Fault'
When I try to deploy a spring application in Jboss, I get this error: 11:32:34,045 ERROR [AbstractKernelController] Error installing to Start: name=persistence.unit:unitName=#ehr-punit state=Create java.lang.RuntimeException: Specification violation [EJB3 JPA 6.2.1.2] - You have not defined a jta-data-source… >>> More
External Monitors shut off when Laptop Lid closes

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have researched the solution... gconftool-2 --type string --set /apps/gnome-power-manager/buttons/lid_ac "nothing" does not fix it. I have two external monitors and when I close my lid the settings are reset and the laptop's monitor is set to the default. Thanks! gsettings list-recursively… >>> More
Migration and deployement problems JBoss 4.2.2.GA to JBoss 6.0.0.M2

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I'm trying to migrate an application running on JBoss 4.2.2.GA to JBoss 6.0.0.M2 I give you some log to explain my problem : boot.log : 2010-03-16 09:59:29,406 ERROR [org.jboss.system.server.profileservice.ProfileServiceBootstrap] (Thread-2) Failed to load profile: Summary of incomplete deployments… >>> More
5 Useful Wordpress Plugins For Google Adsense

as seen on Just Skins - Search for 'Just Skins'
Google Adsense has become the most popular online contextual advertising program and proper custom integration with Wordpress can help to increase Adsense earnings. Now on this post we have describe 5 useful wordpress plugin for google adsense. Few weeks ago we did a "10 Wordpress Plugins For… >>> More
JSF Portlets in Liferay on JBoss

as seen on Server Fault - Search for 'Server Fault'
I'm currently looking at working with and deploying JSF portlets into Liferay 6.0.5, sitting on JBoss 5.1.0. I ran into a lot of trouble trying to port some JSF-y/Seam-y/EJB-y stuff I had lying around, so I thought I'd start simple and work my way up. I could generate generic portlets using the NetBeans… >>> More

Related posts about appdomain

Load Assembly in New AppDomain without loading it in Parent AppDomain

as seen on Stack Overflow - Search for 'Stack Overflow'
I am attempting to load a dll into a console app and then unload it and delete the file completely. The problem I am having is that the act of loading the dll in its own AppDomain creates a reference in the Parent AppDomain thus not allowing me to destroy the dll file unless I totally shut down the… >>> More
Hosting the Razor Engine for Templating in Non-Web Applications

as seen on West-Wind - Search for 'West-Wind'
Microsoft’s new Razor HTML Rendering Engine that is currently shipping with ASP.NET MVC previews can be used outside of ASP.NET. Razor is an alternative view engine that can be used instead of the ASP.NET Page engine that currently works with ASP.NET WebForms and MVC. It provides a simpler and more… >>> More
.NET Security Part 2

as seen on Simple Talk - Search for 'Simple Talk'
So, how do you create partial-trust appdomains? Where do you come across them? There are two main situations in which your assembly runs as partially-trusted using the Microsoft .NET stack: Creating a CLR assembly in SQL Server with anything other than the UNSAFE permission set. The permissions… >>> More
AppDomain Creation In .Net

as seen on Stack Overflow - Search for 'Stack Overflow'
Is There a way we can clone Current Application Domain & Its Assembly in to new created domain to execute same peace of code in multiple domain having same dependencies as current domain have. >>> More
AppDomain dependencies across directories

as seen on Stack Overflow - Search for 'Stack Overflow'
I am creating a plugin system and I am creating one AppDomain per plugin. Each plugin has its own directory with its main assemblies and references. The main assemblies will be loaded by my plugin loader, in addition to my interface assemblies (so the plugin can interact with the application). Creating… >>> More