Sandboxing code dynamically

I have found a good article on Ivan's blog on the proper way to sandbox code.

I have been getting questions from people about how to make a piece of managed code execute in a security restricted environment, or how to "sandbox" it. Some people are trying to use stack walk modifiers (such as Deny()) to do it, which does not work for this purpose.

I'm afraid I fell into this trap.  I thought if I denied everything (including the permission to Assert) I would be pretty safe.  Does anyone know why this doesn't work?  I will have to do some experiments.

1 Comment

  • Using 'Deny' on the stack doesn't work because it only affects the given thread and its stack. In a GUI application all the event handlers are triggered with a different thread and stack, so the code runs with full permissions.
