ControlThread (SecurityPermission)

From: Thread enumeration (whatabohr@hotmail.com)
Date: 03/24/03

• Next message: Dave: "Re: ControlThread (SecurityPermission)"
• Previous message: Roshawn: "MS Access and .NET Security"
• Next in thread: Dave: "Re: ControlThread (SecurityPermission)"
• Reply: Dave: "Re: ControlThread (SecurityPermission)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Thread enumeration" <whatabohr@hotmail.com>
Date: Sun, 23 Mar 2003 21:29:48 -0800

I am writing an application which needs to allow
partially trusted plugins to execute. I load these
assemblies with very few permissions (In fact, I have
tried it with _nothing_ but execute).

I find however that even without the ControlThread
SecurityPermission being assigned, the plugin code still
seems to have full control over creating a thread and
setting priority. I need a way to prevent the plugin
(which is potentially malicious) from creating a new
thread and performing a DOS against legitimate code.

When I call into a plugin I create a thread and execute
on that thread (having assigned it a lower priority) then
I have a monitor thread which is capable of aborting the
plugin thread if it doesn't return after a timeout. This
works great, what I cannot do is prevent the plugin from
spawning a thread (which I have no way of controlling)
which survives after I kill the parent thread.

If there was some way I could enumerate the managed
threads, then perhaps I could identify these leftover
threads and abort them, but I cannot find a way to do
this. From a System.Diagnostics.Process instance I can
enumerate the unmanaged threads, but there seems to be no
way to translate from these to managed Thread objects,
nor any way to terminate them.

Any thoughts?

---

• Next message: Dave: "Re: ControlThread (SecurityPermission)"
• Previous message: Roshawn: "MS Access and .NET Security"
• Next in thread: Dave: "Re: ControlThread (SecurityPermission)"
• Reply: Dave: "Re: ControlThread (SecurityPermission)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Question about design/implementation ... You need to store and execute arbitrary user configurations of "atomic" elements with sequential dependencies among the elements. ... PLUGIN class contains the code to implements "x2" or "+2" algorithm. ... If you can use any layered model infrastructure to make the coding of the display and persistence easier, ... But build that around your problem solution rather than building your problem solution around the layered model. ... (comp.object) Re: ControlThread (SecurityPermission) ... Have you tried executing the plugin in a separate appdomain? ... > partially trusted plugins to execute. ... > I find however that even without the ControlThread ... (microsoft.public.dotnet.security) Re: Trying to install GNASH ... various downloads and I unpacked gnash and all its required dlls into a ... folder and it will execute as a standalone program from there. ... find any instructions on installing the plugin. ... (comp.os.os2.apps) Re: How do I import everything in a subdir? ... > I have a program which I want a plugin directory for. ... Then my program can just execute the mainmethod of ... > each imported plugin. ... (comp.lang.python) Re: ControlThread (SecurityPermission) ... I did consider loading the plugin into a seperate ... ability to force that AppDomain to unload. ... >> I find however that even without the ControlThread ... (microsoft.public.dotnet.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.security  > 2003-03