tags:

views:

333

answers:

2

How to create sandbox in C# for external process? As sandbox i understand an environment for process i start from C#, that stop that process from interfering with anything else - kernel, system variables, system configuration, memory, registry, disk, hardware, location other than starting place and so on. I want place executable in one place and be sure that this place is only place that can be changed by this process. Additionaly, executable can be written in c, c++, c# etc.

+1  A: 

Using Sandboxie as an example of what I think you are wanting to achieve to some extent. IMHO, you will not be able to do this in pure managed code.

If you want to be able to limit what actions and the effect of an application regardless of if it is a managed or native or even Java application. The implication is that you will need to monitor every action taken by the application and take the approriate action to ensure that it does not impact your system. The appropriate action could mean that you redirect the application write to an alternate location on the disk, write a virtualized registry so that the real registry is not impacted etc. etc. All this will require a lot of low level work that managed code does not provide today.

Note I said pure managed code, you could of course use Interop Services etc. to take advantage of unmanaged implementation of certain areas of code, or you could use managed C++. However, depending on the exact details of what you want your sandbox to do you will probably need to implementa a kernel mode driver to ensure that you can sufficiently virtualize the environment for the sandboxed user mode applications.

Chris Taylor
You said about redirection to another registry or disk location. How about complete block use of registry, and don't bother with redirection? Will it be simpler? Because those applications don't need any any of those functionality. I just want to block them.
SuitUp
@SuitUp, while this maybe easier the same or similar mechanism are still required to intercept the calls and fail them. The simplification which is significant is that you do not need to virtualize the registry etc. but the complexity of interception is still there. You can use a library like Detours for the interception, but to be honest I doubt this will give you a robust and reliable sandbox solution, of course I am assuming you require a complete reliable and secure solution, which would require more than basic call interception.
Chris Taylor
You assumption is correct. Can you give me some technical details?
SuitUp
+1  A: 

If you only wanted to run managed code, it's relatively easy to create a Sandbox environment using an AppDomain w/ a restricted permission set:

        PermissionSet ps = new PermissionSet(PermissionState.None);
        // ps.AddPermission(new System.Security.Permissions.*); // Add Whatever Permissions you want to grant here

        AppDomainSetup setup = new AppDomainSetup();
        Evidence ev = new Evidence();

        AppDomain sandbox = AppDomain.CreateDomain("Sandbox",
            ev,
            setup,
            ps);

        sandbox.ExecuteAssembly("ManagedAssembly.exe");

But as soon as you open the door to unmanaged/unsafe code all bets are off, and it becomes very difficult to secure 3rd party code. As has been mentioned, you basically have to create a shim between the executing code and the OS to limit what it can do, unless it is sufficient to run it as a restricted user and rely on ACLs/UAC alone to protect you.

NOTE: that code sample is not a working sample, just an idea of what the code would look like. Some finagling w/ Evidence and AppDomainSetup will probably be necessary, and you should certainly research/test the heck out of it considering the security implications. Here's a good article on the topic: http://msdn.microsoft.com/en-us/magazine/cc163701.aspx

Paul Wh
How about unmanaged/unsafe code and some code snippets?
SuitUp
To be honest, I wouldn't really know where to start with unmanaged/unsafe code, and figuring it out would be a several month project requiring a deep understanding of the Windows OS, Kernel/System calls, Memory Allocation and access. People who work at Microsoft can't even get this stuff right.
Paul Wh
My advice: change your requirements, either only accept managed code, or make it clear to your users that they should only use 3rd party executables that they trust.Unless you just mean running a process as a different user, in which case check out the Domain/UserName/Password properties of the ProcessStartInfo class.
Paul Wh
The point is, I can't accept only managed code (performance, i need pure c most of the time) and the whole idea is to use 3rd party executables. This is the main use of whole system. What should i do now? Make new question or what?
SuitUp