Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to prevent plugins from executing harmful code

I'm currently working on a very modular and plugin-based framework for my bachelor's thesis. The main idea is, that there is a folder inside my application structure named plugins where you can drop in compiled plugins (e.g. .dll-files), that conform to a special interface IPlugin. The application then executes tasks using the plugin a user selects. So, if I want to perform a task once in a PDF-file, I'd choose the PdfPlugin and once in a word document, I'd choose the DocPlugin to the work.

The output is also defined in interfaces, so every plugin returns the same data structure. Just the actual work differs for each library.

Now, as the application just calls the methods defined in the interface, e.g. ParseDocument() and such, how can I prevent the plugins (that may have been developed by third parties) from executing harmful code?

I'm working on .NET3.5 (maybe will switch to 4, not yet decided) and C#.

like image 323
F.P Avatar asked Jul 06 '12 14:07

F.P


1 Answers

I'm working on .NET3.5

In that case, I would isolate your Plugins to run in a separate AppDomain, use Code Access Security and restrict the permission set of the App Domain. This "sandboxes" your plugin assemblies.

For instance, you could take away all Unmanaged Code permissions and File IO Permissions, and then your plugin would never be able to write to the file system.

This isn't for the faint of heart. AppDomains can be tricky to work with and require serialization, object lifetime policies, etc. You could use MAF as it takes away a lot of the plumbing.

like image 72
vcsjones Avatar answered Nov 05 '22 20:11

vcsjones