code access security, local application
From: Wiktor Zychla (ieUser_at_microsoft.com.no.spam)
Date: Tue, 6 May 2003 11:46:48 +0200
[also posted to donet.framework]
I've read several docs about .net security. I am interested in code
access security. I've experimented with .NET framework Configuration tool.
However, there's one thing I do not understand (or I do not know how to
do). Suppose I get an application from someone, I put it in C:\000 but I do
not trust this application. I would like to "sandbox" it, i.e. give it only
a fixed set of permissions.
So, I bring .NET Framework Configuration tool, I add new code group
under "Machine/All Code", I associate the group with new permission set and
I set the membership condition to Application Directory (is it ok?). I call
my new code group "XYZ".
Then I wish the application, C:\000\myApplication.exe, to be in the group
XYZ to force my custom permission set. But I do not know how to do this! I
have no idea how to add particular application, located on my hard disk, to
my own code group with my own permissions.
Is it possible? Do I miss something? I suppose this should be possible
but at the moment I have no idea how to do it. Remember that my primary goal
is to "sanbox" a local application, i.e. define my own permission set and
run my application against the set. Maybe there are other ways to accomplish
Big thanks for help,