Is there a way to sandbox execution of a script such that it a) can't do anything "dangerous" and b) it can access any files it wants to so long as the file is within the same directory as the script file itself? Kind of as if it were to treat all file paths as relative.

I guess I'm asking about Roslyn's scripting security measures and their level of customization.

  • Roslyn will not help you with that at all. Commented Mar 20, 2016 at 1:16
  • Roslyn has absolutely no security when executing scripts? That's even worse than faking scripting with CodeDom. Commented Mar 20, 2016 at 2:33
  • Securely allowing arbitrary code is an extremely hard problem. Roslyn does not try to address that; you should not run untrusted scripts. Commented Mar 20, 2016 at 2:35
  • In fact, if you also want to protect the secrecy of other data on the same computer, it's basically impossible. Commented Mar 20, 2016 at 2:36
  • Yeah, I was hoping there would be an easy way to "secure" things, because .NET could make quite the powerful scripting engine for a game. Looks like I'll have to find a different route, thanks for the advice! Commented Mar 20, 2016 at 2:46

1 Answer

This is possible, but as SLaks says, it is a hard problem. You should probably read "In .NET 4.0, how do I 'sandbox' an in-memory assembly and execute a method?". You would need the following steps:

  • Use a CSharpCodeProvider or VBCodeProvider to compile the source to an assembly on the hard drive.
  • Create a new AppDomain, granting it only those permissions you would like it to have.
  • Use MarshalByRefObjects to communicate back and forth between your original AppDomain and the child AppDomain you've just created. See this and this.
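The three steps above carried through in code, as an added example that is not part of the original answer. It targets .NET Framework 4.x code access security (CAS), which the comment below notes is gone in .NET Core, and assumes the script has already been compiled to `scriptDir\<assemblyName>.dll`, that the host assembly is strong-named so it can be granted full trust inside the child domain, and that the script exposes a static method returning a string; `ScriptRunner`, `ScriptHost` and `RunSandboxed` are names chosen here.

```csharp
using System;
using System.IO;
using System.Reflection;
using System.Runtime.Remoting;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Runs inside the sandboxed AppDomain; the host talks to it through a remoting proxy.
public class ScriptRunner : MarshalByRefObject
{
    // Loads the script assembly by simple name (resolved from the child domain's
    // ApplicationBase) and invokes the static entry point it is assumed to expose.
    public string Execute(string assemblyName, string typeName, string method)
    {
        MethodInfo entry = Assembly.Load(assemblyName).GetType(typeName).GetMethod(method);
        return (string)entry.Invoke(null, null);  // string crosses the domain boundary safely
    }
}

public static class ScriptHost
{
    public static string RunSandboxed(string scriptDir, string assemblyName,
                                      string typeName, string method)
    {
        scriptDir = Path.GetFullPath(scriptDir);

        // Start from an EMPTY grant set and add back only what the script needs.
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        // File I/O is allowed only beneath scriptDir. FileIOPermission compares canonical
        // full paths, so "..\" tricks or absolute paths elsewhere fail the demand.
        grant.AddPermission(new FileIOPermission(
            FileIOPermissionAccess.Read | FileIOPermissionAccess.Write |
            FileIOPermissionAccess.PathDiscovery, scriptDir));

        var setup = new AppDomainSetup { ApplicationBase = scriptDir };
        // This (signed) host assembly is the only full-trust code in the child domain.
        StrongName host = typeof(ScriptRunner).Assembly.Evidence.GetHostEvidence<StrongName>();
        AppDomain sandbox = AppDomain.CreateDomain("ScriptSandbox", null, setup, grant, host);
        try
        {
            ObjectHandle handle = Activator.CreateInstanceFrom(sandbox,
                typeof(ScriptRunner).Assembly.ManifestModule.FullyQualifiedName,
                typeof(ScriptRunner).FullName);
            var runner = (ScriptRunner)handle.Unwrap();   // MarshalByRefObject proxy
            return runner.Execute(assemblyName, typeName, method);
        }
        finally
        {
            AppDomain.Unload(sandbox);  // tear the sandbox down even if the script throws
        }
    }
}
```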

2 Comments

  • A: I was hoping to avoid System.CodeDom. B: I was also hoping to avoid creating another AppDomain. C: I require greater control over script permissions than this would allow. For example, I'm OK with scripts playing with file I/O, but only if I can force all file I/O activities to work out of directories relative to my app's .exe (yes, even if they try to specify an absolute directory). I knew these goals were long shots though, to be honest.
  • AFAIK, this is not possible anymore with .NET Core.
