[Mono-dev] Compiling and executing untrusted code from a managed application

David Nelson eatdrinksleepcode at gmail.com
Tue Jan 27 06:59:10 UTC 2015


I want to be able to compile and execute untrusted code at runtime
from within a managed (C#) application. I have accomplished this in
.NET by compiling the code to an assembly on disk, creating a new
AppDomain with a limited permission set, and loading the compiled
assembly into that domain. Unfortunately this does not work in Mono;
the limited permissions are not respected and the dangerous code runs
successfully.

There is something called the Mono Sandbox, but it apparently has to
be enabled by the unmanaged host of the managed runtime. I am looking
for a solution that only involved managed code. The only thing I have
come up with so far is analyzing the compiled code with Mono.Cecil and
looking for anything dangerous.

Is there a more straightforward solution for this that I am missing?

Thanks,
David


More information about the Mono-devel-list mailing list