CodeConnect / SourceBrowser

C# in. HTML out.
http://sourcebrowser.io
MIT License

Closes #69: Sandboxes MSBuild #73

Closed AmadeusW closed 9 years ago

AmadeusW commented 9 years ago

Uses ASP.NET impersonation to invoke MSBuild as a user with low privileges:

using (WindowsImpersonationContext impersonatedUser = WindowsIdentity.Impersonate(safeTokenHandle.DangerousGetHandle()))
{
    var sourceGenerator = new Generator.SolutionAnalayzer(solutionPath);
    var workspaceModel = sourceGenerator.BuildWorkspaceModel(repoRootPath);
    return workspaceModel;
}

This requires the server to create a new user without administrative privileges. Username and password for this user are to be saved in LowPrivilegeUser.config.

This user needs near full permissions (sans delete) to the /WorkspaceLogs folder (which must be created, if it doesn't exist): [screenshot: sb-security2]

In any other folder, the user has standard permissions (to read). No special permissions need to be applied to SB_Files, GithubStaging or luceneIndex. Alternatively, the user may have no read permission to any folder with the exception of GithubStaging (which contains the source to be built): [screenshot: sb-security1]

AmadeusW commented 9 years ago

We should still investigate whether the low-privileged user may have read permissions across the hard drive, or whether we should restrict the read permissions only to GithubStaging.