I have a plug-in vector established using System.AddIn that accepts the body of a pre-defined method, munges the method body into boilerplate code, generates the assembly and executes the method.

The assembly references System and System.Core and is sandboxed with:

```csharp
using System.Security;
using System.Security.Permissions;

// Start from an empty grant set, then opt in to code execution only.
var pset = new PermissionSet(PermissionState.None);
pset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
```

The only exception I can find reference to that could possibly bring down the host is a stack overflow, which could be invoked by any number of creative means, e.g. closing the body and declaring a recursive method, etc.

And then there are the possible attack vectors exposed by the referenced assemblies, System and System.Core.

My question is: how safe is this, and what are some examples of malicious code that could potentially bring down the host, and possible ways to prevent such attacks?

UPDATE: also, for those familiar with the Managed AddIn Framework, apply the same question to AddInSecurityLevel.Internet.
It usually isn't hard for an add-in to bomb the host. All it has to do is start a thread and make it throw an unhandled exception. Jesse Kaplan has blogged about a possible counter-measure for that kind of failure. Sandboxing was covered by Shawn Farkas in this blog post.
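The two failure modes discussed above (an unhandled exception on an add-in-created thread, and the recursive stack overflow from the question) as an added, self-contained demonstration; this is example code written for this page, not code from the original poster, the answer, or the System.AddIn framework. It assumes a hypothetical add-in type named HostileAddIn living in the host assembly so that one file compiles, and it builds the sandbox with plain AppDomain.CreateDomain using the Execution-only grant set from the question rather than the AddIn activation APIs. Both variants terminate the process even though the code runs under the sandbox, because Code Access Security limits what the add-in may do, not how the runtime reacts to an unhandled failure.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Threading;

// Hypothetical add-in type (an assumption of this example). It is created inside the
// sandboxed AppDomain and called across the domain boundary via a transparent proxy.
public class HostileAddIn : MarshalByRefObject
{
    // Variant 1: throw on a thread the add-in created itself.
    // Creating and starting a thread needs nothing beyond SecurityPermissionFlag.Execution.
    // The exception never crosses back to the caller's thread, so the host cannot catch it,
    // and since .NET 2.0 any unhandled exception on any thread terminates the process.
    public void ThrowOnBackgroundThread()
    {
        var worker = new Thread(() =>
        {
            throw new InvalidOperationException("add-in failure on a worker thread");
        });
        worker.IsBackground = true; // makes no difference to the outcome
        worker.Start();
        worker.Join();
    }

    // Variant 2: the stack overflow from the question. StackOverflowException
    // cannot be caught by managed code; the runtime kills the process outright.
    public void Recurse(int depth)
    {
        Recurse(depth + 1);
    }
}

public static class Host
{
    // The grant set from the question: an empty set plus Execution.
    static PermissionSet ExecutionOnly()
    {
        var pset = new PermissionSet(PermissionState.None);
        pset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        return pset;
    }

    public static void Main(string[] args)
    {
        // Handled in the default domain, this event is raised for unhandled exceptions on
        // any thread in the process. It is notification only: logging here is useful,
        // but the runtime still terminates the process once the handler returns.
        AppDomain.CurrentDomain.UnhandledException += (sender, e) =>
            Console.Error.WriteLine("Host saw unhandled exception: " + e.ExceptionObject);

        var setup = new AppDomainSetup
        {
            ApplicationBase = AppDomain.CurrentDomain.BaseDirectory
        };
        AppDomain sandbox = AppDomain.CreateDomain("AddInSandbox", null, setup, ExecutionOnly());

        var addIn = (HostileAddIn)sandbox.CreateInstanceAndUnwrap(
            typeof(HostileAddIn).Assembly.FullName,
            typeof(HostileAddIn).FullName);

        try
        {
            // An exception thrown on *this* thread inside the sandbox would marshal back
            // and be caught below. Neither variant gives the host that chance.
            if (args.Length > 0 && args[0] == "overflow")
                addIn.Recurse(0);
            else
                addIn.ThrowOnBackgroundThread();
        }
        catch (Exception ex)
        {
            Console.WriteLine("Caught: " + ex.Message); // not reached for either variant
        }
        finally
        {
            AppDomain.Unload(sandbox);
        }
    }
}
```

Run it with no arguments for the worker-thread crash and with `overflow` for the stack overflow; in both cases the host process exits rather than reaching the catch block. Two practical points follow from this. First, the `<legacyUnhandledExceptionPolicy enabled="1"/>` element under `<runtime>` in the host's app.config restores the .NET 1.x behaviour of swallowing unhandled exceptions on non-main threads, but it does nothing for a stack overflow and it hides real bugs in the host's own threads, so it is a blunt tool. Second, the only isolation that actually survives both variants is a process boundary: System.AddIn can activate an add-in out of process via `AddInToken.Activate<T>(AddInProcess, AddInSecurityLevel)`, so that a crash kills the add-in process and the host merely sees a dropped connection. Note also that `AddInSecurityLevel.Internet` maps to the Internet zone permission set, which grants strictly more than the Execution-only set in the question (for example isolated storage and safe top-level windows), so the question's answer is no better under that level, only the add-in's reach into the system is wider.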