C# fully trusted assembly with SecuritySafeCritical function still throwing SecurityExceptions
I'm trying to create a sandboxed AppDomain for loading extensions/plugins. I have a MarshalByRefObject that I instantiate inside the appdomain to load the dll. I'm getting SecurityExceptions when trying to load the dll and I can't figure out how to get around them while still limiting what the third party code can do. All my projects are .net 4.
The InDomainLoader class is in a fully trusted domain, the method is marked SecuritySafeCritical. From everything I've read, I think this should work.
Here is my Loader class that creates the AppDomain and jumps into it:
    public class Loader
    {
        public void Load(string dll, string typeName)
        {
            Log.PrintSecurity();
            // Create new AppDomain
            var setup = AppDomain.CurrentDomain.SetupInformation;
            var permissions = new PermissionSet(null);
            permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
            var strongname = typeof(InDomainLoader).Assembly.Evidence.GetHostEvidence<StrongName>();
            var strongname2 = typeof(IPlugin).Assembly.Evidence.GetHostEvidence<StrongName>();
            AppDomain domain = AppDomain.CreateDomain("plugin", null, setup, permissions, strongname, strongname2);
            // Create instance
            var loader = (InDomainLoader)domain.CreateInstanceAndUnwrap(
                typeof (InDomainLoader).Assembly.FullName, typeof (InDomainLoader).FullName);
            // Jump into domain
            loader.Load(dll, typeName);
        }
    }
And here's the bootstrap loader that runs in the domain:
    public class InDomainLoader : MarshalByRefObject
    {
        [SecuritySafeCritical]
        public void Load(string dll, string typeName)
        {
            Log.PrintSecurity();
            var assembly = Assembly.LoadFrom(dll); // <!-- SecurityException!
            var pluginType = assembly.GetType(typeName);
            var demoRepository = new DemoRepository();
            var plugin = (IPlugin)Activator.CreateInstance(pluginType, demoRepository);
            Console.WriteLine(plugin.Run());
        }
    }
Some logging statements tell me that the assembly's IsFullyTrusted is true and the method has both IsSecurityCritical and IsSecuritySafeCritical set to true, IsSecurityTransparent is false.
I zipped up the whole project to http://davidhogue.com/files/PluginLoader.zip in case that makes this easier.
If anyone has any ideas, I'd be very grateful. I seem to be stuck at a dead end here.
Comments (1)
Well for a start you probably shouldn't be marking the function as SecuritySafeCritical as that implies untrusted callers can call you, which you probably don't really want (not that it should be a major issue).
As for your problem the issue is that by default you still don't run with any special permissions, the normal easy way to do the assembly loading is you create your own AppDomainSetup and point its ApplicationBase at a Plugin directory of some kind (which isn't a bad idea in general), you can then use the normal Assembly.Load("AssemblyName") to load out of the base. However if you must load an arbitrary file then you need to assert FileIOPermission for the plugin dll (full path), i.e.
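
One way to apply the FileIOPermission assertion described in the answer, as an added example that is not the answerer's code (which is cut off on this page). It targets .NET Framework 4 CAS and reuses the asker's IPlugin and DemoRepository types; SandboxedLoader and LoadPlugin are hypothetical names, and the caller is assumed to pass an absolute path.

```csharp
// Added example, not the answerer's code. Targets .NET Framework 4 CAS.
// IPlugin and DemoRepository are the asker's types; SandboxedLoader and
// LoadPlugin are hypothetical names introduced for illustration.
using System;
using System.Reflection;
using System.Security;
using System.Security.Permissions;

public class SandboxedLoader : MarshalByRefObject
{
    // fullPath must be absolute: resolve it with Path.GetFullPath in the host
    // domain, because path resolution itself demands FileIOPermission, which
    // the Execution-only sandbox does not grant.
    public void Load(string fullPath, string typeName)
    {
        Assembly assembly = LoadPlugin(fullPath);

        // The plugin must have received the sandbox grant set, not full trust.
        if (assembly.IsFullyTrusted)
            throw new SecurityException("Plugin was loaded fully trusted: " + fullPath);

        Type pluginType = assembly.GetType(typeName, true);
        var plugin = (IPlugin)Activator.CreateInstance(pluginType, new DemoRepository());
        Console.WriteLine(plugin.Run());   // plugin code runs with the sandbox grant set
    }

    // Only the load itself runs under the assertion, and only for this one file.
    // Assert needs security-critical code; in a fully trusted assembly without
    // transparency annotations every method already is.
    private static Assembly LoadPlugin(string fullPath)
    {
        var permission = new FileIOPermission(
            FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, fullPath);
        permission.Assert();   // stops the stack walk before it reaches the sandboxed domain
        try
        {
            return Assembly.LoadFrom(fullPath);
        }
        finally
        {
            CodeAccessPermission.RevertAssert();   // never leave the assert active for plugin code
        }
    }
}
```

Keeping the assertion in its own method, scoped to a single path with read-only access, means the plugin's constructor and Run() never execute under it.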