How to create sandbox in C# for external process?

Question

How to create sandbox in C# for external process? As sandbox I understand an environment for process I start from C#, that stop that process from interfering with anything e

Answer 1

If you only wanted to run managed code, it's relatively easy to create a Sandbox environment using an AppDomain w/ a restricted permission set:

        PermissionSet ps = new PermissionSet(PermissionState.None);
        // ps.AddPermission(new System.Security.Permissions.*); // Add Whatever Permissions you want to grant here

        AppDomainSetup setup = new AppDomainSetup();
        Evidence ev = new Evidence();

        AppDomain sandbox = AppDomain.CreateDomain("Sandbox",
            ev,
            setup,
            ps);

        sandbox.ExecuteAssembly("ManagedAssembly.exe");

But as soon as you open the door to unmanaged/unsafe code all bets are off, and it becomes very difficult to secure 3rd party code. As has been mentioned, you basically have to create a shim between the executing code and the OS to limit what it can do, unless it is sufficient to run it as a restricted user and rely on ACLs/UAC alone to protect you.

NOTE: that code sample is not a working sample, just an idea of what the code would look like. Some finagling w/ Evidence and AppDomainSetup will probably be necessary, and you should certainly research/test the heck out of it considering the security implications. Here's a good article on the topic: http://msdn.microsoft.com/en-us/magazine/cc163701.aspx