问题
I have a c# evaluator which uses the (I think) the .Net 4 new simplified sandboxed appdomain model to host the c# assembly, with remoting doing the rest. The call to create the appdomain is
Evidence ev = new Evidence();
ev.AddHostEvidence(new Zone(SecurityZone.Trusted));
PermissionSet pset = SecurityManager.GetStandardSandbox(ev);
AppDomainSetup ads = new AppDomainSetup();
ads.ApplicationBase = "C:\\Sandbox";
// Create the sandboxed domain.
AppDomain sandbox = AppDomain.CreateDomain(
"Sandboxed Domain",
ev,
ads,
pset,
null);
The c# eval is embedded in a server app, but I don't want give the sandbox to much control unless it bo bo's the caller. What i'm looking for is regarding some clarification as to what to provide as Evidence from the caller. I'm looking for advice and guidance.
Any help would be appreciated.
回答1:
You can either use the 'Internet' permission set or the 'Execution' permission set, both have limited permissions as they are deemed unsafe.
来源:https://stackoverflow.com/questions/2806729/best-evidence-to-offer-a-sandboxed-appdomain-for-a-c-sharp-evaluator