I would like to host the Dynamic Language Runtime (DLR) in such a way that users who run arbitrary scripts in it cannot bring the process down.
The DLR hosting spec describes how to host the DLR in a separate ApplicationDomain. This allows one to tear down and unload a script runtime and to restrict certain operations through CAS (e.g., I can restrict file system access or disallow the use of reflection).
But are there also ways to, for example:
- restrict the maximum amount of memory used by a script?
- restrict the number of threads created by a script?
- detect deadlocked scripts?
I think such fine-grained control could be possible using the unmanaged .NET hosting API that was developed for SQL Server. Is this the direction to go? Are there open source projects for this kind of general .NET sandboxing?
Here are a few potentially useful references that I found:
- Discover Techniques for Safely Hosting Untrusted Add-Ins with the .NET Framework 2.0
- Host protection thread on DLR discussion list
- Using Host Protection (.NET security blog)
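The AppDomain-based hosting model described in the question, as an added C# example that is not part of the original post or of the DLR/IronPython projects. It assumes .NET Framework 4 and IronPython 2.7 (the AppDomain sandbox and CAS grant sets do not exist on .NET Core / .NET 5+), that the IronPython assemblies sit next to the host executable, and that an execute-only permission set is sufficient for the script; whether a given IronPython build runs under that grant set is an assumption. It also goes slightly beyond the question by showing the .NET 4 AppDomain resource monitoring API, which reports but does not cap a script's allocations and CPU time, and by catching script exceptions on the worker thread so a failing script cannot take the host process with it.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Threading;
using Microsoft.Scripting;
using Microsoft.Scripting.Hosting;
using IronPython.Hosting;

class SandboxedDlrHost
{
    static void Main()
    {
        // Grant set for the script domain: execution only. File I/O, reflection,
        // environment access etc. are denied unless explicitly added here.
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        // Assumption: IronPython/DLR assemblies are resolvable from the host's base directory.
        var setup = new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory };

        // .NET 4 resource monitoring: must be switched on before the domain does any work.
        AppDomain.MonitoringIsEnabled = true;
        AppDomain sandbox = AppDomain.CreateDomain("DlrSandbox", null, setup, grant);

        try
        {
            // Create the runtime inside the restricted domain; the host only holds
            // MarshalByRefObject proxies to it.
            ScriptRuntimeSetup runtimeSetup = Python.CreateRuntimeSetup(null);
            ScriptRuntime runtime = ScriptRuntime.CreateRemote(sandbox, runtimeSetup);
            ScriptEngine engine = runtime.GetEngine("python");

            // Constructed sample script; replace with the untrusted user script.
            ScriptSource source = engine.CreateScriptSourceFromString(
                "result = sum(range(10))", SourceCodeKind.Statements);
            ScriptScope scope = engine.CreateScope();

            // Run on a worker thread so a looping or deadlocked script can be abandoned.
            // An unhandled exception on a worker thread terminates the process, so it is
            // caught and reported instead of escaping.
            Exception scriptError = null;
            var worker = new Thread(() =>
            {
                try { source.Execute(scope); }
                catch (Exception e) { scriptError = e; }
            });
            worker.Start();

            // Time budget is the host's policy knob for "hung" scripts.
            if (!worker.Join(TimeSpan.FromSeconds(5)))
            {
                Console.WriteLine("script exceeded its time budget; unloading domain");
            }
            else if (scriptError != null)
            {
                Console.WriteLine("script failed: " + scriptError.Message);
            }
            else
            {
                Console.WriteLine("result = " + scope.GetVariable<int>("result"));
            }

            // Monitoring only reports usage; enforcing a hard cap requires the
            // unmanaged hosting API mentioned in the question.
            Console.WriteLine("allocated bytes: " + sandbox.MonitoringTotalAllocatedMemorySize);
            Console.WriteLine("cpu time: " + sandbox.MonitoringTotalProcessorTime);
        }
        finally
        {
            // Unload aborts threads still executing in the domain and reclaims its
            // memory. CannotUnloadAppDomainException is thrown if a thread cannot be
            // aborted (e.g. blocked in native code), which is the residual risk of
            // this model.
            try { AppDomain.Unload(sandbox); }
            catch (CannotUnloadAppDomainException e) { Console.WriteLine("unload failed: " + e.Message); }
        }
    }
}
```

The domain is created with a partial-trust grant set and the DLR runtime is created remotely inside it, so script code never runs with the host's permissions; the timeout plus `AppDomain.Unload` covers hung and deadlocked scripts, and the monitoring counters give a detection signal for memory or CPU abuse even though they cannot enforce a limit.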