RE: Moving system properties to gnu.classpath.*
From: Jeroen Frijters
Subject: RE: Moving system properties to gnu.classpath.*
Date: Mon, 11 Oct 2004 08:28:15 +0200

David Holmes wrote:
> And while I'd like to help with the general problem I frankly
> don't have the time available to do so - sorry.
No problem. I'll try to cook up a proposal this week and hopefully you
can review it to see if it helps you or not.
> > Whenever code tries to access a package and a security manager is
> > installed, SecurityManager.checkPackageAccess() is called, so all we
> > need to do is add the gnu.classpath package to the package.access
> > system property.
>
> Isn't that test in reflection only?
No, it's in the (system) class loader (or it is supposed to be,
Classpath doesn't yet have it). Try this on the Sun JVM:
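
    public class test extends java.lang.SecurityManager
    {
        public static void main(String[] args) throws Exception
        {
            System.setSecurityManager(new test());
            // Loading java.util.Vector triggers checkPackageAccess("java.util").
            new java.util.Vector();
        }

        // Permit file reads so classes can still be loaded.
        public void checkRead(String file) {}

        public void checkPackageAccess(String pkg)
        {
            // Deny java.util to make the class loader's check visible.
            if (pkg.equals("java.util")) throw new SecurityException();
            super.checkPackageAccess(pkg);
        }
    }
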
Here is an interesting link I found:
http://www.net-security.org/vuln.php?id=3018
> I'm confused again about what is being proposed: a public API
> with some kind of runtime check to deny access, or a private
> API with a runtime check to allow access (doPrivileged?) ?
> The former still seems to need VM magic,
I'm proposing a public API in a special package that is not accessible
to untrusted code and this does not require any VM magic (just a proper
implementation of SecurityManager.checkPackageAccess()).
Regards,
Jeroen
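
The access rule discussed in this message, as an added example that is not part of the original post or of Classpath: a stand-alone Java model of the decision SecurityManager.checkPackageAccess() makes for packages listed in the package.access security property, with the matching rule modelled on the OpenJDK 8 SecurityManager (an assumption, not taken from the thread). The list value, the class name PackageAccessModel and the subpackage gnu.classpath.example are constructed for illustration.

```java
import java.security.Permissions;

// Added illustration: a model of the restricted-package check, not JDK or Classpath code.
public class PackageAccessModel
{
    // Constructed value for the package.access security property.
    static final String PACKAGE_ACCESS = "sun.,gnu.classpath.";

    // True if pkg falls under a restricted entry. The entry "gnu.classpath."
    // covers gnu.classpath itself and every subpackage below it.
    static boolean isRestricted(String pkg)
    {
        for (String entry : PACKAGE_ACCESS.split(","))
        {
            entry = entry.trim();
            if (entry.isEmpty()) continue;
            if (pkg.startsWith(entry) || entry.equals(pkg + ".")) return true;
        }
        return false;
    }

    // Restricted packages require RuntimePermission("accessClassInPackage." + pkg);
    // everything else passes without any grant.
    static void checkPackageAccess(String pkg, Permissions granted)
    {
        RuntimePermission needed = new RuntimePermission("accessClassInPackage." + pkg);
        if (isRestricted(pkg) && !granted.implies(needed))
            throw new SecurityException("access denied: " + pkg);
    }

    static String attempt(String who, String pkg, Permissions granted)
    {
        try { checkPackageAccess(pkg, granted); return who + " -> " + pkg + ": allowed"; }
        catch (SecurityException e) { return who + " -> " + pkg + ": denied"; }
    }

    public static void main(String[] args)
    {
        Permissions untrusted = new Permissions();   // code with no grants
        Permissions trusted = new Permissions();     // code granted one package
        trusted.add(new RuntimePermission("accessClassInPackage.gnu.classpath"));

        System.out.println(attempt("untrusted", "java.util", untrusted));
        System.out.println(attempt("untrusted", "gnu.classpath", untrusted));
        System.out.println(attempt("trusted", "gnu.classpath", trusted));
        // The grant is per package: a subpackage needs its own permission or a wildcard.
        System.out.println(attempt("trusted", "gnu.classpath.example", trusted));
    }
}
```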