[IronPython] Restricting IronPython/DLR in a Sandbox?

Curt Hagenlocher curt at hagenlocher.org
Tue Apr 1 22:58:40 CEST 2008 

(I think) I can repro this with the following code:

static void Main() {
    AppDomainSetup info = new AppDomainSetup();
    info.ApplicationBase = System.Environment.CurrentDirectory;
    info.ApplicationName = "Test";
    Evidence evidence = new Evidence();
    evidence.AddHost(new Zone(SecurityZone.Internet));
    AppDomain newDomain = AppDomain.CreateDomain("test", evidence, info);
    ScriptRuntime runtime = ScriptRuntime.Create(newDomain);
 }

System.MethodAccessException was unhandled
  Message="RemoteRuntimeFactory..ctor(
Microsoft.Scripting.Hosting.ScriptRuntimeSetup)"
  Source="mscorlib"
  StackTrace:
       at System.Reflection.MethodBase.PerformSecurityCheck(Object obj,
RuntimeMethodHandle method, IntPtr parent, UInt32 invocationFlags)
       at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
       at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr,
Binder binder, Object[] args, CultureInfo culture, Object[]
activationAttributes)
       at System.Activator.CreateInstance(Type type, BindingFlags
bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[]
activationAttributes)
       at System.Activator.CreateInstance(String assemblyName, String
typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder,
Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence
securityInfo, StackCrawlMark& stackMark)
       at System.Activator.CreateInstance(String assemblyName, String
typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder,
Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence
securityInfo)
       at System.AppDomain.CreateInstance(String assemblyName, String
typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder,
Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence
securityAttributes)
       at System.AppDomain.CreateInstanceAndUnwrap(String assemblyName,
String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder
binder, Object[] args, CultureInfo culture, Object[] activationAttributes,
Evidence securityAttributes)
       at System.AppDomain.CreateInstanceAndUnwrap(String assemblyName,
String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder
binder, Object[] args, CultureInfo culture, Object[] activationAttributes,
Evidence securityAttributes)
       at
Microsoft.Scripting.Hosting.ScriptRuntime.RemoteRuntimeFactory.CreateRuntime(AppDomain
domain, ScriptRuntimeSetup setup)
       at Microsoft.Scripting.Hosting.ScriptRuntime.CreateInternal(AppDomain
domain, ScriptRuntimeSetup setup)
       at Microsoft.Scripting.Hosting.ScriptRuntime.Create(AppDomain domain)
       at ConsoleApplication7.Program.Main() in
C:\Users\CurtH\Documents\Visual Studio
2008\Projects\ConsoleApplication1\ConsoleApplication7\Program.cs:line 27
       at System.AppDomain._nExecuteAssembly(Assembly assembly, String[]
args)
       at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence
assemblySecurity, String[] args)
       at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
       at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
       at System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state)
       at System.Threading.ThreadHelper.ThreadStart()
  InnerException:


On Tue, Apr 1, 2008 at 1:33 PM, Dino Viehland <dinov at exchange.microsoft.com>
wrote:

>  Can you give us the full stack trace of the exception that gets thrown
> and also what version of the CLR are you running against?
>
>
>
> It may be the case that partial trust will require the latest and greatest
> patch of .NET as there have been some changes to enable reflection /
> reflection emit to work better in partial trust.  But it could also be a DLR
> or IronPython bug when running in partial trust on the desktop CLR.
>
>
>
> *From:* users-bounces at lists.ironpython.com [mailto:
> users-bounces at lists.ironpython.com] *On Behalf Of *Sho List
> *Sent:* Tuesday, April 01, 2008 12:43 PM
> *To:* users at lists.ironpython.com
> *Subject:* [IronPython] Restricting IronPython/DLR in a Sandbox?
>
>
>
> Hello IronPythoners,
>
> I am using the IronPython 2 Beta 1 on .Net 2.0.
>
> My goal is to create a restricted sandbox for scripts to run in using the
> DLR. I have searched high and low and have not found a solution utilizing
> the latest python beta release and DLR. It would seem this is something that
> should be straightforward to accomplish as the DLR's ScriptRuntime.Createtakes an AppDomain as an overload. And indeed, my Python engine and runtime
> are loaded in the remote AppDomain, however I can only get it to work when
> the AppDomain has FullTrust permissions. Anything lower (say Intranet Zone
> and the like) and it throws a Method Access Exceptions on the
> ScriptRuntime.Create method.
>
> I have tried creating the AppDomain like so:
> AppDomain.CreateDomain(name, defaultEvidence, appDomainSetup,
> defaultPermissions, TrustedAssemblies.ToArray)
>
> Where:
> name is the name
> defaultEvidence is the evidence for the restricted zone
> appDomainSetup sets the BaseDirectory
> defaultPermissions is the permission set of the restricted zone
> TrustedAssemblies is a list containing references to "Microsoft.Scripting",
> "IronPython", "IronPython.Modules"
>
> Using any zone other than MyComputer results in the exception. I am not
> stuck on getting a permission set from a predefined zone, I have tried
> creating permissions sets other ways with the same result. Using zones seems
> easier for illustration.
>
> I need IronPython scripts to be run in a fairly constrained environment.
> No file IO, no loading assemblies. Basically, just the ability for the user
> to interact with the Hosting apps object model with some basic .Net library
> functions like String etc.
>
> Thanks!
>  ------------------------------
>
> Pack up or back up–use SkyDrive to transfer files or keep extra copies. Learn
> how.
>
> _______________________________________________
> Users mailing list
> Users at lists.ironpython.com
> http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ironpython-users/attachments/20080401/2dd4fff6/attachment.html>

More information about the Ironpython-users mailing list