Java file permissions for threads

Question

I'm programming a Java server that has to handle Python code given by the user using Jython. Obviously, I can't just execute it without some risk of a cracker accessing files and system commands that he/she shouldn't. I've been searching for some way to restrict file permissions for specific threads for hours now, and the closest I've gotten was restricting file permissions for the entire application. Is there a class implemented that does something like this, or some method to do it?

Answer 1

You could try using java.lang.SecurityManager. See also this question about using a security manager to set different security settings per thread.

You can set a security manager and security policy like this:

jython -Djava.security.manager=securitymanager -Djava.security.policy=policyfile

where securitymanager is the security manager to use and policyfile contains policy specification as described for example here. If you use a policy file as the source for the security policy, here is an example:

grant {
  permission java.security.AllPermission;
}

Jython will need some permissions to start up including the following:

grant {
  permission java.io.FilePermission "${user.home}${/}-", "read, write";
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.lang.RuntimePermission "getProtectionDomain";
};

(this assumes your cachedir is under the current user's HOME directory). This will do something close to what you need allowing read and write access to files under the current user's HOME and disallowing access to all other parts of the filesystem. Here is the outcome (the first open() refers to a file under the current user's HOME directory since this is the current working directory):

>>> f1=open('test.txt', 'r')
>>> f2=open('/tmp/test.txt', 'r')
Traceback (innermost last):
  File "<console>", line 1, in ?
java.security.AccessControlException: access denied (java.io.FilePermission /tmp/test.txt read)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
    at java.security.AccessController.checkPermission(AccessController.java:553)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
    at java.io.File.exists(File.java:748)
    at org.python.core.PyFile._setup(Unknown Source)
    at org.python.core.PyFile.file_init(Unknown Source)
    at org.python.core.PyFile$1.new_impl(Unknown Source)
    at org.python.core.PyType.invoke_new_(Unknown Source)
    at org.python.core.PyType.type___call__(Unknown Source)
    at org.python.core.PyType.__call__(Unknown Source)
    at org.python.core.PyObject.__call__(Unknown Source)
    at org.python.pycode._pyx2.f$0(<console>:1)
    at org.python.pycode._pyx2.call_function(<console>)
    at org.python.core.PyTableCode.call(Unknown Source)
    at org.python.core.PyCode.call(Unknown Source)
    at org.python.core.Py.runCode(Unknown Source)
    at org.python.core.Py.exec(Unknown Source)
    at org.python.util.PythonInterpreter.exec(Unknown Source)
    at org.python.util.InteractiveInterpreter.runcode(Unknown Source)
    at org.python.util.InteractiveInterpreter.runsource(Unknown Source)
    at org.python.util.InteractiveInterpreter.runsource(Unknown Source)
    at org.python.util.InteractiveConsole.push(Unknown Source)
    at org.python.util.InteractiveConsole.interact(Unknown Source)
    at org.python.util.jython.main(Unknown Source)

java.security.AccessControlException: java.security.AccessControlException: access denied (java.io.FilePermission /tmp/test.txt read)
>>>