I have a plug-in vector established using System.AddIn that accepts the body of a pre-defined method, munges the method body into boilerplate code, generates the assembly and executes the method.

The assembly references System and System.Core and is sandboxed with

var pset = new PermissionSet(PermissionState.None);
pset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

The only exception I can find reference to that could possibly bring down the host is a stack overflow, which could be invoked by any number of creative means, e.g. closing the body and declaring a recursive method etc...

And then there are the possible attack vectors exposed by the referenced assemblies, System and System.Core.

My question is: How safe is this and what are some examples of malicious code that could potentially bring down the host and possible ways to prevent such attacks?

UPDATE: also for those familiar with the Managed AddIn Framework, apply the same question to AddInSecurityLevel.Internet.

+1  A: 

It usually isn't hard for an add-in to bomb the host. All it has to do is start a thread and make it throw an unhandled exception. Jesse Kaplan has blogged about a possible counter-measure for those kinds of failures. Sandboxing was covered by Shawn Farkas in this blog post.

Hans Passant
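As an added example, not code from the question or the answer: the question's PermissionSet applied to a real sandbox AppDomain, with two constructed plug-in methods showing what that grant stops (file I/O, surfacing as a SecurityException at the proxy boundary) and what it does not stop (the crashing background thread from the answer). The PluginRunner type, its two methods and the file path are assumptions for illustration; the AppDomain and System.Security calls are the standard .NET 4 APIs.

```csharp
// Added example (not from the question or the answer): a host that loads a
// plug-in into a sandboxed AppDomain with the question's execution-only grant
// set, then calls two constructed plug-in methods. PluginRunner and its two
// methods are assumptions for illustration.
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
using System.Threading;

// Boundary type: defined in the host assembly, but instances are created inside
// the sandbox domain and called from the host through a remoting proxy.
public class PluginRunner : MarshalByRefObject
{
    // Plug-in body 1: tries to do I/O. The execution-only grant blocks this
    // with a SecurityException that crosses the domain boundary to the caller.
    public string TryReadFile(string path)
    {
        return File.ReadAllText(path);
    }

    // Plug-in body 2: the case from the answer. Execution permission is enough
    // to start a thread, and an unhandled exception on that thread is not a
    // SecurityException and never reaches the host's catch block. Under the
    // default .NET 2.0+ policy it terminates the whole process.
    public void ThrowOnBackgroundThread()
    {
        var t = new Thread(() => { throw new InvalidOperationException("plug-in bug"); });
        t.Start();
        t.Join();
    }
}

public static class Host
{
    public static AppDomain CreateSandbox()
    {
        // Exactly the grant set from the question: nothing but Execution.
        var pset = new PermissionSet(PermissionState.None);
        pset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        var setup = new AppDomainSetup
        {
            ApplicationBase = AppDomain.CurrentDomain.BaseDirectory
        };

        // The sandboxing overload: every assembly loaded into this domain gets
        // pset as its grant (no full-trust assemblies are listed).
        return AppDomain.CreateDomain("PluginSandbox", null, setup, pset);
    }

    public static void Main()
    {
        // Host-side observer. It fires for the plug-in's crashing thread, but by
        // then the process is already terminating: a place to log, not to recover.
        AppDomain.CurrentDomain.UnhandledException += (s, e) =>
            Console.Error.WriteLine("unhandled in add-in (terminating=" +
                                    e.IsTerminating + "): " + e.ExceptionObject);

        AppDomain sandbox = CreateSandbox();
        var runner = (PluginRunner)sandbox.CreateInstanceAndUnwrap(
            typeof(PluginRunner).Assembly.FullName, typeof(PluginRunner).FullName);

        // Case 1: the sandbox does its job. The SecurityException is raised on
        // the host's own call stack, so the host catches it and survives.
        try
        {
            runner.TryReadFile(@"C:\Windows\win.ini");   // path is an assumption
        }
        catch (SecurityException ex)
        {
            Console.WriteLine("sandbox blocked file I/O: " + ex.Message);
        }

        // Case 2: the sandbox does not help. The exception is raised on a thread
        // the host has no frame on, so this catch block is never reached.
        try
        {
            runner.ThrowOnBackgroundThread();
        }
        catch (Exception ex)
        {
            Console.WriteLine("never printed: " + ex.Message);
        }

        AppDomain.Unload(sandbox);
    }
}
```

Run as a console application, the process ends at the second call after the host's UnhandledException handler has logged the exception; the catch block around ThrowOnBackgroundThread never executes. The StackOverflowException the question mentions behaves the same way for a different reason: from .NET 2.0 on the CLR does not let managed code catch it at all, so the grant set is irrelevant. The one switch that changes the thread case is the application-wide `<legacyUnhandledExceptionPolicy enabled="1"/>` element in the host's app.config, which restores the .NET 1.x behaviour of ending only the faulting thread; it does nothing for stack overflow, and it also hides the host's own bugs.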