Sandboxed ironpython in c# SecurityException

Question

Alright so this is what I have

private static AppDomain CreateSandbox()
{
  var permissions = new PermissionSet(PermissionState.None);
  permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

  permissions.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read| FileIOPermissionAccess.PathDiscovery, AppDomain.CurrentDomain.BaseDirectory));
  var appinfo = new AppDomainSetup();
  appinfo.ApplicationBase = AppDomain.CurrentDomain.BaseDirectory;

  return AppDomain.CreateDomain("Scripting sandbox", null, appinfo, permissions, fullTrustAssembly);
}

And when I try to load up some broken python code

try
{
    var src = engine.CreateScriptSourceFromString(s.Python, SourceCodeKind.Statements);
    src.Execute(ActionsScope);
}
catch (Exception e)
{
    ExceptionOperations eo = engine.GetService<ExceptionOperations>();
    string error = eo.FormatException(e);
    Debug.WriteLine(error);
}

This gives me a SecurityException instead of letting me see the actual exception from the code. If I set the PermissionSet(PermissionState.Unrestricted) it works fine.

Any ideas on what permissions I need in order to catch these blasted errors?

System.Security.SecurityException was caught
  Message=Request failed.
  Source=Microsoft.Scripting
  GrantedSet=<PermissionSet class="System.Security.PermissionSet"
version="1">
<IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Read="F:\Programming\OCTGN\octgnFX\Octgn\bin\ReleaseMode with Debug\"
PathDiscovery="F:\Programming\OCTGN\octgnFX\Octgn\bin\ReleaseMode with Debug\"/>
<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Flags="Execution"/>
</PermissionSet>

  PermissionState=<PermissionSet class="System.Security.PermissionSet"
version="1"
Unrestricted="true"/>

  RefusedSet=""
  Url=file:///F:/Programming/OCTGN/octgnFX/Octgn/bin/ReleaseMode with Debug/Microsoft.Scripting.DLL
  StackTrace:
       at Microsoft.Scripting.SyntaxErrorException.GetObjectData(SerializationInfo info, StreamingContext context)
       at System.Runtime.Serialization.ObjectCloneHelper.GetObjectData(Object serObj, String& typeName, String& assemName, String[]& fieldNames, Object[]& fieldValues)
       at Microsoft.Scripting.Hosting.ScriptSource.Execute(ScriptScope scope)
       at Octgn.Scripting.Engine.LoadScripts() in F:\Programming\OCTGN\octgnFX\Octgn\Scripting\Engine.cs:line 58
  InnerException: 

Answer 1

Based on the stack trace, you have a syntax error in your code, so the Python runtime throws SyntaxErrorException. That exception is not caught and so it has to be serialized across the appdomain boundary.

I think the problem now is that the method GetObjectData() of SyntaxErrorException is marked [SecurityCritical], which means it can be called only by fully trusted code.