Is it possible to host the .Net DLR in an "idiot-proof" sandbox?


Question

I would like to host the Dynamic Language Runtime (DLR) in such a way that users who run arbitrary scripts in it cannot bring the process down.

The DLR hosting spec describes how to host the DLR in a separate ApplicationDomain. This allows tearing down and unloading a script runtime and restricting certain operations through CAS (e.g. I can restrict file system access or disallow use of reflection).

But are there also ways to, for example:

  • restrict the maximum amount of memory used by a script?
  • restrict the number of threads created by a script?
  • detect deadlocked scripts?

I think such fine-grained control could be possible using the unmanaged .NET hosting API that was developed for SQL Server. Is this the direction to go? Are there open source projects for this kind of general .NET sandboxing?

Here are a few potentially useful references that I found:

  • Discover Techniques for Safely Hosting Untrusted Add-Ins with the .NET Framework 2.0
  • Host protection thread on DLR discussion list
  • Using Host Protection (.Net security blog)

Recommended answer

Have a look at Terrarium -- it's a game where you build your own autonomous critters in a .NET language, and they're teleported to other networked computers along with the assemblies that they're described in. The goal is to have your critter take over the entire ecosystem, either by killing everything else or by strategically managing food resources.

As I recall, any critter that spends more than 0.n seconds "thinking" or n kb of memory gets deleted.
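
The separate-AppDomain hosting from the question combined with the kind of time and memory budget the answer recalls, as an added example that is not code from the original post or from Terrarium. It assumes .NET Framework 4.x with IronPython 2.7 referenced and its assemblies next to the host executable; the budgets, the domain name and the script text are constructed for illustration.

```csharp
// Added example: budget-enforcing DLR host. Limits and script are constructed values.
using System;
using System.Security;
using System.Security.Permissions;
using System.Threading;
using IronPython.Hosting;
using Microsoft.Scripting.Hosting;

static class SandboxHost
{
    static readonly TimeSpan TimeBudget = TimeSpan.FromSeconds(2); // assumed limit
    const long AllocBudget = 64L * 1024 * 1024;                    // assumed limit, bytes
    static void Main()
    {
        AppDomain.MonitoringIsEnabled = true; // turn on per-domain CPU/memory counters
        // Execution-only grant set: no file, reflection, UI or unmanaged-code access.
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        // Assumption: the IronPython/DLR assemblies sit in the host's base directory.
        var setup = new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory };
        AppDomain sandbox = AppDomain.CreateDomain("script-sandbox", null, setup, grant);

        ScriptEngine engine = Python.CreateEngine(sandbox); // engine lives in the sandbox
        string script = "x = 0\nwhile True:\n    x += 1\n";  // constructed runaway script

        Exception failure = null;
        var worker = new Thread(() =>
        {
            try { engine.Execute(script); }          // remoted call into the sandbox
            catch (Exception ex) { failure = ex; }   // SecurityException, unload, ...
        }) { IsBackground = true };
        worker.Start();

        DateTime deadline = DateTime.UtcNow + TimeBudget;
        string verdict = "completed";
        while (!worker.Join(50))
        {
            if (DateTime.UtcNow > deadline) { verdict = "time budget exceeded"; break; }
            // Cumulative bytes allocated in the domain, not the live heap size.
            if (sandbox.MonitoringTotalAllocatedMemorySize > AllocBudget) { verdict = "allocation budget exceeded"; break; }
        }

        // Unloading aborts every thread still running inside the sandbox domain.
        AppDomain.Unload(sandbox);
        worker.Join(1000); // let the worker record the exception raised by the unload
        Console.WriteLine("{0}{1}", verdict, failure == null ? "" : ": " + failure.GetType().Name);
    }
}
```

This does not contain a stack overflow, which terminates the whole process, and `AppDomain.Unload` throws `CannotUnloadAppDomainException` if a sandbox thread cannot be aborted. Those cases are where the unmanaged hosting API mentioned in the question, or a separate worker process, comes in.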
