Would a blank Java security policy file be the most restrictive?

I am creating an application that allows users to execute uploaded Java files. I am trying to restrict what they can do with a Security Manager. Would a blank policy file be the most restrictive, not allowing them to do as much as possible? Would this restrict them from doing anything basic that I shouldn't be restricting them from?

Greg asked Dec 30 '14 18:12

1 Answer

Yes, a security policy that grants no permissions is the most restrictive policy you can define with the standard Java Security Manager, and would prevent any code running in that JVM from doing anything that requires a security permission. The Java core APIs generally check some variety of security permission before allowing code running under a Security Manager to do anything that could be harmful, so in theory it's safe to run untrusted code where no permissions have been granted.

There are some exceptions: for example, code loaded from the system classpath is allowed to call System.exit(), which would stop your application, and code running with no permissions can still create any number of new threads, which could lock up the system. If these are concerns, you'll need to consider writing a custom Security Manager.

In your case, if you're running your application code and user-provided code in the same JVM, you'll need to give your application code permission to do the things it needs to do while granting no permissions to untrusted code, so you would need to add something like the following to your policy file:

grant codeBase "file:path/to/trusted/application/jars" {
  permission java.security.AllPermission;
};

Be aware that if you're specifying the policy file on the command line you'll need to use a double equals (e.g. -Djava.security.policy==policy.file), otherwise your policy will extend the default Java security policy, which grants a minimal set of permissions to all code.

alphaloop answered Oct 15 '22 08:10
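The arrangement the answer describes, as an added example that is not code from the question or the answer: a policy that grants AllPermission only to the application's own codeBase (placeholder path), passed with the double equals, plus a custom Security Manager that closes the thread-creation gap the answer mentions. The class name, the file name sandbox.policy and the helpers runUntrusted and attempt are assumptions; runUntrusted stands in for loading an uploaded class by running a lambda under an empty permission set, so the denials are visible without a second jar.

```java
// sandbox.policy (placeholder name and path), passed with a double equals so
// the default policy is not merged in:
//
//   grant codeBase "file:/path/to/app/classes/-" {
//       permission java.security.AllPermission;
//   };
//
// Run: java -Djava.security.policy==sandbox.policy RestrictiveSecurityManager
// (JDK 18 to 23 also need -Djava.security.manager=allow; JDK 24 removes the
// Security Manager entirely).
import java.io.File;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;

public class RestrictiveSecurityManager extends SecurityManager {
    // The stock manager only checks modifyThreadGroup for the root group, so
    // code with no permissions can still spawn threads. Check it for every group.
    @Override
    public void checkAccess(ThreadGroup g) {
        checkPermission(new RuntimePermission("modifyThreadGroup"));
    }

    // Run an action under an empty permission set (the intersection of the
    // caller's grants and "nothing"). This stands in for uploaded user code
    // whose codeBase matches no grant entry in the policy above.
    static <T> T runUntrusted(PrivilegedAction<T> action) {
        ProtectionDomain noPerms = new ProtectionDomain(null, new Permissions());
        AccessControlContext sandbox =
            new AccessControlContext(new ProtectionDomain[] { noPerms });
        return AccessController.doPrivileged(action, sandbox);
    }

    static String attempt(String label, Runnable r) {
        try { r.run(); return label + ": allowed"; }
        catch (SecurityException e) { return label + ": denied (" + e.getMessage() + ")"; }
    }

    public static void main(String[] args) {
        System.setSecurityManager(new RestrictiveSecurityManager());
        // Application code, covered by the codeBase grant above: allowed.
        System.out.println(attempt("app reads cwd", () -> new File(".").list()));
        // The same operations with no permissions: every one is denied.
        System.out.println(runUntrusted(() -> attempt("user code reads cwd", () -> new File(".").list())));
        System.out.println(runUntrusted(() -> attempt("user code new Thread", () -> new Thread(() -> {}))));
        System.out.println(runUntrusted(() -> attempt("user code System.exit", () -> System.exit(1))));
    }
}
```

Without the policy file the application's own File.list() call is denied too, because the default policy does not grant classpath code AllPermission; that is the "extend the default policy" trap the answer warns about.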