Permission set inversion: running a .NET 4.0 application with "full trust - (minus) write access"
I have a WCF service to communicate with a Mathematica Kernel to evaluate arbitrary expressions and get results. (My sole intention is to utilize Mathematica as a sophisticated graph layout engine for static graphs using SVG and XAML, but my math kernel host has a decidedly simple interface that can evaluate arbitrary Mathematica expressions: that could, in case of a security breach, lead to arbitrary code injection.)
- Is there any way to run an application in a sandbox with a 'full trust permission set - (minus) file io write access'?
Using
var e = new Evidence();
e.AddHostEvidence(new Zone(SecurityZone.Trusted));
var pset = SecurityManager.GetStandardSandbox(e);
leads to a situation where my app crashes due to a later security exception, so I want to make sure I just remove a single permission type. I do not get enough detail about the type of security exception and what caused it; my program is linked against a commercial library with no debug symbols.
How can I debug the execution inside the commercial library? Could Reflector or a similar tool help me out?
How can I get a better stack trace about a security exception? (Full source of the current sandboxing application is below)
or
var pset = new PermissionSet(PermissionState.Unrestricted); // set is empty o_O!
pset.RemovePermission(typeof(FileIOPermission)); // io permission still active
...
does not help.
full context:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Reflection;
using System.Runtime.Remoting;

class Sandboxer : MarshalByRefObject
{
    const string uPath = @"..\..\..\KernelHost\bin\Debug";
    static string aPath = Path.GetFullPath(uPath);
    const string uAssembly = "KernelHost";

    static void Main(string[] args)
    {
        var e = new Evidence();
        e.AddHostEvidence(new Zone(SecurityZone.Trusted));

        // Grant set for the sandbox domain: starts unrestricted, then tries to remove single permission types.
        var pset = new PermissionSet(PermissionState.Unrestricted);
        //pset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        //pset.AddPermission(new UIPermission(UIPermissionWindow.AllWindows, UIPermissionClipboard.AllClipboard));
        //pset.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess, aPath));
        //pset.SetPermission(new UIPermission(PermissionState.None));
        pset.RemovePermission(typeof(UIPermission));
        //pset.SetPermission(new FileIOPermission(PermissionState.None));

        // Strong name of this host assembly, so the host itself runs fully trusted inside the sandbox domain
        // (null if the host assembly is not strong-named).
        var ass = typeof(Sandboxer).Assembly.Evidence.GetHostEvidence<StrongName>();
        var ads = new AppDomainSetup();
        ads.ApplicationBase = aPath;
        var sandbox = AppDomain.CreateDomain(
            "Sandbox",
            e,
            ads,
            pset,
            ass);

        // Dump the grant set that was handed to the domain.
        Console.WriteLine(pset.Count);
        foreach (IPermission p in pset)
        {
            Console.WriteLine(p.ToXml());
        }

        sandbox.ExecuteAssemblyByName(uAssembly);
    }
}
- Is there an available open-source/commercial sandboxing solution for .NET 4.0 or maybe at a higher level for Windows Server 2008 R2 (also for native apps) that could help me out?
Comments (1)
Full trust is more than "everything"; it is "disable checks" - so no, you can't have "full trust except {foo}", because there would still be nothing checked. You will have to have an inclusive, albeit large, set. And I'm sure there are some pretty nasty things I can do that aren't writing files...
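The following is an added example (not the asker's code and not the commenter's) that puts the comment's advice into practice and also answers the asker's "how do I get better information about the security exception" point: instead of starting from an unrestricted set and subtracting, it starts from the standard Internet sandbox set, adds read-only FileIOPermission on one directory, runs a worker in a sandboxed AppDomain, and lets the SecurityException cross back into the full-trust host, where the Demanded, Method and GrantedSet properties are readable. The names Worker, SandboxHost, BuildGrantSet and WriteIsDenied and the temp-directory path are constructed for this example; it assumes the host exe is not strong-named, so nothing inside the sandbox domain is fully trusted.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Code that runs inside the sandboxed AppDomain under the grant set built below.
// Public so that CreateInstanceAndUnwrap can activate it from the host domain.
public class Worker : MarshalByRefObject
{
    // Lists a directory (needs PathDiscovery/Read, which is granted) and then
    // tries to write into it (needs Write, which is not granted).
    public int ListThenWrite(string dir)
    {
        int count = Directory.GetFiles(dir).Length;
        File.WriteAllText(Path.Combine(dir, "probe.txt"), "x"); // expected to throw SecurityException
        return count;
    }
}

public static class SandboxHost
{
    // The commenter's point in code: do not start from Unrestricted and subtract;
    // start from the small standard sandbox and add only what the worker needs.
    public static PermissionSet BuildGrantSet(string readOnlyDir)
    {
        var ev = new Evidence();
        ev.AddHostEvidence(new Zone(SecurityZone.Internet));
        PermissionSet grant = SecurityManager.GetStandardSandbox(ev);
        grant.AddPermission(new FileIOPermission(
            FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, readOnlyDir));
        return grant;
    }

    public static AppDomain CreateSandbox(PermissionSet grant)
    {
        var setup = new AppDomainSetup
        {
            ApplicationBase = AppDomain.CurrentDomain.BaseDirectory
        };
        // null evidence reuses the current domain's evidence; no full-trust
        // assemblies are listed, so everything in the domain gets exactly 'grant'.
        return AppDomain.CreateDomain("Sandbox", null, setup, grant);
    }

    // Runs the worker and returns true if the write was refused. The SecurityException
    // is serialized across the domain boundary, so the full-trust host can read the
    // diagnostic properties that are hidden from partially trusted code.
    public static bool WriteIsDenied(string dir, out string diagnostics)
    {
        diagnostics = null;
        AppDomain sandbox = CreateSandbox(BuildGrantSet(dir));
        try
        {
            var worker = (Worker)sandbox.CreateInstanceAndUnwrap(
                typeof(Worker).Assembly.FullName, typeof(Worker).FullName);
            worker.ListThenWrite(dir);
            return false; // write went through: the grant set is wider than intended
        }
        catch (SecurityException se)
        {
            diagnostics = string.Format(
                "Demanded: {0}\nFailing method: {1}\nGranted set: {2}",
                se.Demanded, se.Method, se.GrantedSet);
            return true;
        }
        finally
        {
            AppDomain.Unload(sandbox);
        }
    }

    public static void Main()
    {
        string dir = Path.Combine(Path.GetTempPath(), "sandbox-demo"); // constructed path
        Directory.CreateDirectory(dir);
        string diag;
        bool denied = WriteIsDenied(dir, out diag);
        Console.WriteLine(denied ? "Write denied as intended." : "Write succeeded: grant set too wide.");
        if (diag != null) Console.WriteLine(diag);
    }
}
```

Running this prints the XML of the FileIOPermission that was demanded, the method that demanded it and the grant set of the sandbox, which is the detail the asker was missing. Keeping the grant set explicit and small also makes the comment's second point checkable: every capability the sandboxed code has is listed in BuildGrantSet, rather than being "everything except a file write".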