防止在 AppDomain 中创建线程
我设置了一个小示例,其中我在没有任何权限的情况下将程序集加载到新的 AppDomain 中。这工作正常,程序集无法访问文件系统并且无法侦听套接字。
但我想阻止另一件事:线程创建。为什么?因为理论上这个程序集可以创建一个线程,从而创建更多线程并淹没我的内存。
我想到了(在我看来)最好的方法:限制 AppDomain 的内存。这可能吗?如果不是,我该怎么做才能避免创建线程?
使用此代码创建线程
Thread t = new Thread(this.DoWork);
t.Start();
和 AppDomain 的此代码
PermissionSet set = new PermissionSet(PermissionState.None);
set.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
set.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read |
FileIOPermissionAccess.PathDiscovery,
this.path));
AppDomainSetup info = new AppDomainSetup { ApplicationBase = this.path };
this.domain = AppDomain.CreateDomain("Sandbox", null, info, set, null);
(好吧,我授予了对要加载程序集的文件夹中的文件系统的访问权限,这只是因为 StrongName fullTrustAssembly = typeof(SecureInstance).Assembly .Evidence.GetHostEvidence 对我也不起作用
希望 s/o 可以提供帮助。
I've set up a little example where I loaded an assembly into a new AppDomain without any Permission. This works fine, the assembly can't access the file system and can't listen to sockets.
But there is another thing i want to prevent: Thread creation. Why? Cause theoreticly this assembly can create a thread which creates even more threads and flood my memory.
I thought of the (in my opinion) best way: Limiting the memory of an AppDomain. Is this possible? And if not, what can i do to avoid thread creation?
Used this code to create the thread
Thread t = new Thread(this.DoWork);
t.Start();
And this code for the AppDomain
PermissionSet set = new PermissionSet(PermissionState.None);
set.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
set.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read |
FileIOPermissionAccess.PathDiscovery,
this.path));
AppDomainSetup info = new AppDomainSetup { ApplicationBase = this.path };
this.domain = AppDomain.CreateDomain("Sandbox", null, info, set, null);
(Ok, i gave access to the file system in the folder where i want to load the assembly, this is just because StrongName fullTrustAssembly = typeof(SecureInstance).Assembly.Evidence.GetHostEvidence<StrongName>(); don't work for me either.
Hope s/o can help. (:
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
似乎这个问题没有简单的答案。您可以做的是使用 .NET Profiling API 来尝试监视 AppDomain 中的内存使用情况。您可以在此处找到有关它的更多信息,但您需要进行一些挖掘: http://msdn.microsoft.com/en-us/library/bb384493.aspx
无论如何,在一个较低优先级的单独进程中运行您想要运行的任何内容不是更好吗?所有内存分配都疯狂,它不会影响您的进程,操作系统会杀死它并且它不会影响您的主进程?
Seems like there's no easy answer for this. What you can do is use the .NET Profiling API to try and monitor memory usage in your AppDomain. You can find out more about it here, but you'll need to do some digging: http://msdn.microsoft.com/en-us/library/bb384493.aspx
Anyway, isn't it better to run whatever you want to run in a separate process with a lower priority, so if it goes all wild with memory allocations, it doesn't affect your process, the OS kills it and it doesn't affect your main process?