How do I create a sandbox in C# for an external process? By sandbox I mean an environment for a process I start from C# that stops that process from interfering with anything else: kernel, system variables, system configuration, memory, registry, disk, hardware, locations other than the starting place and so on.
I want to place the executable in one place and be sure that this place is the only place that can be changed by this process. Additionally, the executable can be written in C, C++, C#, etc.
If you only wanted to run managed code, it's relatively easy to create a sandbox environment using an AppDomain w/ a restricted permission set:

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

PermissionSet ps = new PermissionSet(PermissionState.None);
// Execution is the minimum; nothing in the domain can run without it.
ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
// ps.AddPermission(...); // add whatever further permissions you want to grant here
AppDomainSetup setup = new AppDomainSetup();
setup.ApplicationBase = AppDomain.CurrentDomain.BaseDirectory; // where ManagedAssembly.exe lives
Evidence ev = new Evidence();
AppDomain sandbox = AppDomain.CreateDomain("Sandbox", ev, setup, ps);
sandbox.ExecuteAssembly("ManagedAssembly.exe");
AppDomain.Unload(sandbox);
```
But as soon as you open the door to unmanaged/unsafe code all bets are off, and it becomes very difficult to secure third-party code. As has been mentioned, you basically have to create a shim between the executing code and the OS to limit what it can do, unless it is sufficient to run it as a restricted user and rely on ACLs/UAC alone to protect you.
NOTE: that code sample is not a working sample, just an idea of what the code would look like. Some finagling w/ Evidence and AppDomainSetup will probably be necessary, and you should certainly research/test the heck out of it considering the security implications. Here's a good article on the topic: http://msdn.microsoft.com/en-us/magazine/cc163701.aspx
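To make the single-directory requirement from the question concrete, here is an added example (not code from the answer above or from the linked article) of a restricted AppDomain that grants only Execution plus file access to one directory: a write inside that directory succeeds, a write anywhere else is refused with a SecurityException. It assumes .NET Framework, since CAS/AppDomain sandboxing does not exist in .NET Core or .NET 5+, and the class names SandboxWorker and SandboxHost are my own.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Added example, not from the original answer. This type runs inside the sandbox domain;
// deriving from MarshalByRefObject lets the host call it across the domain boundary.
public class SandboxWorker : MarshalByRefObject
{
    // Returns true if the write succeeded, false if CAS refused it.
    public bool TryWrite(string path)
    {
        try
        {
            File.WriteAllText(path, "written from sandbox");
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }
}

public static class SandboxHost
{
    public static AppDomain CreateSandbox(string allowedDir)
    {
        var ps = new PermissionSet(PermissionState.None);
        // Execution is the minimum; without it nothing in the domain can run.
        ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        // The only location the sandboxed code may read or write (must be an absolute path).
        ps.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess, allowedDir));
        var setup = new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory };
        return AppDomain.CreateDomain("Sandbox", null, setup, ps);
    }

    public static void Main()
    {
        string allowedDir = Path.Combine(Path.GetTempPath(), "sandbox-demo");
        Directory.CreateDirectory(allowedDir);
        AppDomain sandbox = CreateSandbox(allowedDir);
        var worker = (SandboxWorker)sandbox.CreateInstanceAndUnwrap(
            typeof(SandboxWorker).Assembly.FullName, typeof(SandboxWorker).FullName);
        Console.WriteLine("inside allowed dir: " + worker.TryWrite(Path.Combine(allowedDir, "ok.txt")));
        Console.WriteLine("outside allowed dir: " + worker.TryWrite(Path.Combine(Path.GetTempPath(), "escape.txt")));
        AppDomain.Unload(sandbox);
    }
}
```

This only constrains managed code that honours CAS demands; as the answer says, native code loaded into the process is not bound by the permission set at all.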
Using Sandboxie as an example of what I think you are wanting to achieve to some extent. IMHO, you will not be able to do this in pure managed code.
If you want to be able to limit the actions and effects of an application regardless of whether it is a managed, native or even Java application, the implication is that you will need to monitor every action taken by the application and take the appropriate action to ensure that it does not impact your system. The appropriate action could mean that you redirect the application's writes to an alternate location on the disk, write a virtualized registry so that the real registry is not impacted, etc. All this will require a lot of low-level work that managed code does not provide today.
Note that I said pure managed code; you could of course use Interop Services etc. to take advantage of unmanaged implementations of certain areas of code, or you could use managed C++. However, depending on the exact details of what you want your sandbox to do, you will probably need to implement a kernel mode driver to ensure that you can sufficiently virtualize the environment for the sandboxed user mode applications.