Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Create java sandbox based on security policies

Tags:

java

sandbox

I need to create environment to run potentially untrusted code. Program allowed to connect to preconfigured address:port and nothing else (even read the system time). I have compiled the class whitelist. I'd searched similar questions, but found only template that based on SecurityManager which AFAIK is deprecated. Can anybody give me a simple sample how to run code in sandbox based on security policies and AccessController?

like image 352
gordon-quad Avatar asked May 19 '10 17:05

gordon-quad

People also ask

What is Java sandbox model of security?

The original security model provided by the Java platform is known as the sandbox model, which existed in order to provide a very restricted environment in which to run untrusted code obtained from the open network.

What are the elements of Java sandbox?

In a Java programming language, the sandbox is the program area and it has some set of rules that programmers need to follow when creating Java code (like an applet) that is sent as part of a page. The sandbox restrictions provide strict limitations on which system resources the applet can request or access.

Which element of the Java sandbox Associates permission with a particular code source?

The java. security file associates the permission (grant ... permission ...) with the principals.

Does JVM provide default security manager?

By default, Java applications have no security restrictions placed on activities requested of the Java API. To use Java security to protect a Java application from performing potentially unsafe actions, you can enable a security manager for the JVM in which the application runs.

1 Answers

As far as I know it's still SecurityManager that runs the security checks. But it seems to delegate to the AccessController nowadays.

First you'll need to switch on the security manager:

-Djava.security.manager

If you omit this argument there'll be no sandbox whatsoever.

Second you'll need to tell where to find the policy file:

-Djava.security.policy=

This will add your permissions to the ones already defined in your java home. The original sandbox rules in .../jre/lib/security/java.policy. However, if you want your policy to be the only one you'll need to use a double "=". This way you control completely what's allowed.

For example:

-Djava.security.policy==

I would advise you to use the "policytool" shipped with the Java. It's fairly basic but it helps you to write quickly a policy file with the correct syntax.

I hope this helps...

like image 138
Jan Goyvaerts Avatar answered Oct 06 '22 05:10

Jan Goyvaerts
Sign in to Comment

Related questions

IntelliJ can't find generated sources when used in same module
Currently connected bluetooth device android
Java beep sound: Produce sound of some specific frequencies
Polymorphism doesn't work in method arguments in Java
Using Different Location for Eclipse's .p2 tree ("bundle pool")
Instant toString prepends plus
Is it worth using distinct() with collect(toSet())
How to check if a message has a combined character in it?
Hibernate/JPA unidirectional OneToMany with join condition on constant value in source table
Is it possible to disable modules in Java 9? [closed]
ZonedDateTime comparison: expected: [Etc/UTC] but was: [UTC]
Why are ConcurrentSkipListSet ascending Iterators 'faster' than descending ones?
Java+Tomcat, Dying database connection?
JSF unit testing
GUI programming in Scala
Problem running .bat file on Windows due to "input line is too long"
Are static fields in Activity classes guaranteed to outlive a create/destroy cycle?
Using Sonatype nexus in local network [closed]
java inner/outer class questions about outer class private variables access
Disable jmx in activemq network of brokers (spring, xbean)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!