[Mono-list] Sandbox

Peter Robinson pete at madhippy.com
Mon Jan 12 22:00:16 UTC 2015


I've done something similar in vanilla dotnet

1) compile code using the CSharpCodeProvider
2) create an IMarshalByRefObject implementation that takes the created
assembly as a byte[], loads it and can execute the code
3) in the 'manager', create a new AppDomain with low security permissions -
load the IMarshalByRefObject
4) can then execute the loaded code

Key things to check
1) IMarshalByRefObject doesn't accidentally cause types to be loaded from
the loaded assembly (i.e. check return types etc.)
2) InitialiseLifetimeService correctly set up
3) correct use of code access security linked with the AppDomain permissions

This was a pre-Roslyn implementation, would be much easier now.

I'd have thought Mono's eval functionality would be useful too.


On 12 January 2015 at 08:30, Ollhax <ollhak at gmail.com> wrote:

> Hrm, interesting. Is it even possible to run Mono with such settings?
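The four steps and three checks listed in the message above, as an added C# example (not code from the original message or from Mono). It assumes .NET Framework 4.x and a strong-named host assembly, uses the framework's `MarshalByRefObject` and `InitializeLifetimeService`, and the names `Runner`, `Program`, `P.Go` and the untrusted source string are constructed for illustration.

```csharp
using System;
using System.CodeDom.Compiler;
using System.IO;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;
using Microsoft.CSharp;

public sealed class Runner : MarshalByRefObject // hypothetical name, lives in the host assembly
{
    // Only byte[] and string cross the boundary, so the host never loads a type from the untrusted assembly.
    public string Run(byte[] raw, string type, string method)
    {
        try
        {
            // Load(byte[]) alone would give the assembly this (fully trusted) caller's trust level.
            Assembly asm = Assembly.Load(raw, null, SecurityContextSource.CurrentAppDomain);
            return Convert.ToString(asm.GetType(type, true).GetMethod(method).Invoke(null, null));
        }
        // Flatten to a string inside the sandbox: an exception type defined by untrusted code must not reach the host.
        catch (Exception e) { return "failed: " + (e.InnerException ?? e).GetType().Name; }
    }
    // Infinite lease: the proxy stays valid until the host unloads the domain.
    public override object InitializeLifetimeService() { return null; }
}

public static class Program
{
    const string Untrusted = // constructed sample input; needs EnvironmentPermission, which the sandbox lacks
        "public static class P { public static string Go() { return System.Environment.GetEnvironmentVariable(\"PATH\"); } }";

    public static void Main()
    {
        // 1) Compile to disk; touching results.CompiledAssembly would load the code into the host domain.
        CompilerResults results = new CSharpCodeProvider().CompileAssemblyFromSource(new CompilerParameters(), Untrusted);
        if (results.Errors.HasErrors) throw new InvalidOperationException("compile failed");
        byte[] raw = File.ReadAllBytes(results.PathToAssembly);
        // 3) Execution-only grant set; the application base is not the host's directory.
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        var setup = new AppDomainSetup { ApplicationBase = Path.GetTempPath() };
        StrongName host = typeof(Runner).Assembly.Evidence.GetHostEvidence<StrongName>(); // assumption: host is signed
        AppDomain box = AppDomain.CreateDomain("sandbox", null, setup, grant, host);
        try
        {
            var runner = (Runner)Activator.CreateInstanceFrom(box,
                typeof(Runner).Assembly.ManifestModule.FullyQualifiedName, typeof(Runner).FullName).Unwrap();
            Console.WriteLine(runner.Run(raw, "P", "Go")); // 4) runs under the restricted grant set
        }
        finally { AppDomain.Unload(box); }
    }
}
```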