Is it possible to host the .Net DLR in an “idiot-proof” sandbox?

给你一囗甜甜゛ submitted on 2019-12-09 05:42:16

Question


I would like to host the Dynamic Language Runtime (DLR) in such a way that users who run arbitrary scripts in it cannot bring the process down.

The DLR hosting spec describes how to host the DLR in a separate ApplicationDomain. This allows tearing down and unloading a script runtime and restricting certain operations through CAS (e.g. I can restrict file system access or disallow use of reflection).

But are there also ways to, for example:

  • restrict the maximum amount of memory used by a script?
  • restrict the number of threads created by a script?
  • detect deadlocked scripts?

I think such fine-grained control could be possible using the unmanaged .NET hosting API that was developed for SQL Server. Is this the direction to go? Are there open source projects for this kind of general .NET sandboxing?

Here are a few potentially useful references that I found:

  • Discover Techniques for Safely Hosting Untrusted Add-Ins with the .NET Framework 2.0
  • Host protection thread on DLR discussion list
  • Using Host Protection (.Net security blog)

Answer 1:


Have a look at Terrarium -- it's a game where you build your own autonomous critters in a .NET language, and they're teleported to other networked computers along with the assemblies that they're described in. The goal is to have your critter take over the entire ecosystem, either by killing everything else or by strategically managing food resources.

As I recall, any critter that spends more than 0.n seconds "thinking" or n kb of memory gets deleted.
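
One way to combine the separate-AppDomain hosting described in the question with a per-script budget like the one this answer recalls, as an added example that is not code from the original posts, Terrarium or the DLR hosting spec. The `ScriptRunner` class, the budget values and the looping stand-in for a script are assumptions; the AppDomain monitoring counters require .NET Framework 4 or later.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Threading;

// Runs inside the sandbox domain; host calls are marshalled across the boundary.
public class ScriptRunner : MarshalByRefObject
{
    public void Run()
    {
        // Hypothetical stand-in for the untrusted script: spins and allocates forever.
        while (true) { GC.KeepAlive(new byte[1024]); }
    }
}

public static class SandboxHost
{
    public static void Main()
    {
        AppDomain.MonitoringIsEnabled = true;   // process-wide; cannot be switched off again

        // CAS grant set: permission to execute, nothing else (no file I/O, no reflection).
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        var setup = new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory };
        AppDomain sandbox = AppDomain.CreateDomain("script-sandbox", null, setup, grant);
        var runner = (ScriptRunner)sandbox.CreateInstanceAndUnwrap(
            typeof(ScriptRunner).Assembly.FullName, typeof(ScriptRunner).FullName);

        // The abort raised by Unload surfaces in the host as AppDomainUnloadedException.
        var worker = new Thread(() =>
        {
            try { runner.Run(); } catch (AppDomainUnloadedException) { }
        }) { IsBackground = true };
        worker.Start();

        // Constructed budgets for this example.
        TimeSpan cpuBudget = TimeSpan.FromSeconds(2);
        long allocBudget = 256L * 1024 * 1024;
        DateTime deadline = DateTime.UtcNow + TimeSpan.FromSeconds(5);

        while (worker.IsAlive)
        {
            Thread.Sleep(100);
            bool over = sandbox.MonitoringTotalProcessorTime > cpuBudget
                     || sandbox.MonitoringTotalAllocatedMemorySize > allocBudget
                     || DateTime.UtcNow > deadline;   // wall clock also catches a deadlocked script
            if (!over) continue;
            AppDomain.Unload(sandbox);                // aborts the threads running in the domain
            Console.WriteLine("Script exceeded its budget; sandbox unloaded.");
            break;
        }
    }
}
```

`MonitoringTotalAllocatedMemorySize` counts cumulative allocations rather than live memory, and this watchdog does not limit thread creation. `AppDomain.Unload` can throw `CannotUnloadAppDomainException` when a thread in the domain cannot be aborted.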



Source: https://stackoverflow.com/questions/3269290/is-it-possible-to-host-the-net-dlr-in-an-idiot-proof-sandbox
