Thread security in sandboxed AppDomain


Problem description

I have an application domain to host untrusted code/assembly. I solved all problems with security with security attributes and it works well. The untrusted code runs on a dedicated thread. CLR is 2.0. This is what I have: AppDomainShell AppDomainSeed. Shell is running in the main domain, Seed is a trusted proxy/helper in the untrusted domain.

I'm interested in restricting the creation of new threads and changing priority. At the moment my untrusted assembly could set ThreadPriority.Highest or kill the operating system by creating 10k threads. There is SecurityPermissionFlag.ControlThread, but that only prevents advanced operations like Abort().

I was looking at the Thread class implementation and there is no declarative security on its C# API for those simple operations; the rest of the implementation is native.

I guess I could use some Win32 functions to ban that at the OS level. But how does the operating system recognize the thread/code/assembly which is not trusted? SetThreadPrincipal()?

Is there any API of the CLR which could be abused? I prefer a solution without need for installation and portable to Mono, :-/ hmmm.

Any other ideas welcome. Thanks!

Recommended answer

I'm considering another solution: static analysis of the CIL of the untrusted assembly. I could search through all methods, properties, constructors and recognize references to types. If I find a reference to the Thread type, I throw a security exception and unload the assembly.

I quite like the work of Jb Evain. He created Mono Cecil, but that's quite heavyweight. He also drafted a CIL reader, just with .NET reflection.

I created Linq over reflection using CIL Reader. Usage looks like this.


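using System;
using System.Security;   // SecurityException
using System.Threading;  // Thread, ThreadPool, ThreadPriority

// GetUsedTypes() is the extension method from the Linq-over-reflection helper
// mentioned above; it is not part of the .NET framework.
var myAssembly = typeof (Program).Assembly;
foreach (Type usedType in myAssembly.GetUsedTypes())
{
    // Reject the assembly as soon as any threading type is referenced.
    if (typeof (Thread).IsAssignableFrom(usedType) ||
        typeof (ThreadPool).IsAssignableFrom(usedType) ||
        typeof (ThreadPriority).IsAssignableFrom(usedType))
    {
        throw new SecurityException("Thread usage is banned here!");
    }
}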
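
A dependency-free variant of the check described in the answer, as an added example that is not the answerer's code or the CIL Reader library: instead of reading method bodies, it walks each module's TypeRef metadata table with `Module.ResolveType`, since every referenced external type has an entry there. The names `ThreadUsageScan`, `ReferencedTypes` and `Demand` are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Reflection;
using System.Security;
using System.Threading;

// Added example; class and method names are hypothetical.
static class ThreadUsageScan
{
    // The three types the answer above bans.
    static readonly Type[] Banned = { typeof(Thread), typeof(ThreadPool), typeof(ThreadPriority) };

    // Resolves every row of the TypeRef table (token = 0x01000000 | row id).
    public static List<Type> ReferencedTypes(Assembly assembly)
    {
        var found = new List<Type>();
        foreach (Module module in assembly.GetModules())
        {
            for (int rid = 1; ; rid++)
            {
                try { found.Add(module.ResolveType(0x01000000 | rid)); }
                catch (ArgumentOutOfRangeException) { break; } // past the last row
                // Any other failure (for example a referenced assembly that cannot
                // be loaded) propagates: an assembly that cannot be fully
                // inspected is not accepted.
            }
        }
        return found;
    }

    // Throws if the assembly's metadata references a banned type.
    public static void Demand(Assembly untrusted)
    {
        foreach (Type used in ReferencedTypes(untrusted))
            foreach (Type banned in Banned)
                if (used == banned)
                    throw new SecurityException("Banned type referenced: " + used.FullName);
    }

    static void Main()
    {
        // This assembly references Thread itself (the typeof above), so it is rejected.
        try { Demand(typeof(ThreadUsageScan).Assembly); Console.WriteLine("accepted"); }
        catch (SecurityException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

The scan sees only static references recorded in metadata; a type obtained by name at run time leaves no TypeRef, so the restricted permission set has to stay in place alongside this check.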
