Reputation: 3236
If I set a security manager, for example:
private static class SecManager extends SecurityManager {
...
}
With:
System.setSecurityManager(new SecManager());
Which permission can I use (or rather prevent) to stop code further down the line from setting the security manager again with elevated permissions?
I am looking for a method like:
private static class SecManager extends SecurityManager {
@Override
public void checkSetSecurityManager(SecurityManager manager){
throw new AccessControlException("Not allowed to set new security Manager");
}
}
But of course, checkSetSecurityManager doesn't exist, so I'm not sure exactly what to look for or how to deny that permission.
I would like to use the security manager to allow me to run some untrusted code, but I obviously don't want that code to be able to set its own security manager. I did consider doing this at the OS level (create a new user for each bit of code), but that seems a little overkill. Instead, I run my own Java main, which sets a security manager, then runs the untrusted code within the same JVM. I have made sure their code cannot start new processes already (as this would circumvent the security manager), but I need to make sure they cannot override the existing security manager.
I also use checkWrite and checkRead to make sure the code can only read/write in a certain dir.
Any help is much appreciated.
Thanks,
Upvotes: 4
Views: 891
Reputation: 5486
The following website https://www.securecoding.cert.org/confluence/display/jg/20.+Create+a+secure+sandbox+using+a+security+manager says the following about this:

    "If the current security policy enforced by the current security manager forbids replacements (by omitting the RuntimePermission("setSecurityManager")), any attempt to invoke setSecurityManager() will throw a SecurityException."

So it looks like the checkPermission() method is the place to check for this.

The Javadoc for RuntimePermission has a list of possible values to check for if other critical methods should be caught as well: https://docs.oracle.com/javase/7/docs/api/java/lang/RuntimePermission.html
Upvotes: 3
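A worked version of the answer above, written as an added example for this page (it is not code from the question, the answer, or the CERT page). It overrides checkPermission() to refuse RuntimePermission("setSecurityManager"), refuses FilePermission "execute" (process creation), and confines reads and writes to one directory, which covers the question's checkRead/checkWrite concern because the default implementations of those methods route into checkPermission() with a FilePermission. The class names SandboxDemo, SandboxManager, UntrustedCode and the attempt() helper are my own. It assumes a JDK where the security manager can still be installed: JDK 8 to 17 run it as-is, JDK 18 and later need -Djava.security.manager=allow, and JDK 24 permanently disables the mechanism (JEP 486). One caveat the question does not mention: because this override ignores doPrivileged() contexts, the JDK's own class-path and jar reads also hit checkRead(), so java.home and the class path are whitelisted for reading. Once installed, the manager constrains the host's own code too; a production sandbox would tell trusted and untrusted frames apart (for example by class loader, via getClassContext()).

```java
import java.io.File;
import java.io.FilePermission;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Permission;
import java.util.ArrayList;
import java.util.List;

public class SandboxDemo {

    /** Denies replacement of itself, process execution, and file access outside one directory. */
    static final class SandboxManager extends SecurityManager {
        private final Path sandboxDir;
        private final List<Path> readableRoots = new ArrayList<>();

        SandboxManager(Path sandboxDir) {
            this.sandboxDir = sandboxDir.toAbsolutePath().normalize();
            // Reads are also allowed under java.home and the class path: the JDK loads classes
            // and jars through checkRead(), and this override does not honour doPrivileged().
            readableRoots.add(this.sandboxDir);
            readableRoots.add(Paths.get(System.getProperty("java.home")).toAbsolutePath().normalize());
            for (String entry : System.getProperty("java.class.path", "").split(File.pathSeparator)) {
                if (!entry.isEmpty()) readableRoots.add(Paths.get(entry).toAbsolutePath().normalize());
            }
        }

        @Override
        public void checkPermission(Permission perm) {
            if (perm instanceof RuntimePermission && "setSecurityManager".equals(perm.getName())) {
                // System.setSecurityManager() asks the installed manager for exactly this permission.
                throw new SecurityException("replacing the security manager is not allowed");
            }
            if (perm instanceof FilePermission) {
                checkFile((FilePermission) perm);
            }
            // Everything else is allowed in this demo. A real sandbox would deny more, e.g.
            // ReflectPermission("suppressAccessChecks") and RuntimePermission("createClassLoader").
        }

        @Override
        public void checkPermission(Permission perm, Object context) {
            checkPermission(perm); // same policy whatever context the caller supplies
        }

        private void checkFile(FilePermission perm) {
            String actions = perm.getActions();
            if (actions.contains("execute")) {
                // Runtime.exec()/ProcessBuilder request FilePermission(cmd, "execute"); a child
                // process would run with no security manager at all, so refuse outright.
                throw new SecurityException("process execution is not allowed");
            }
            Path target = toPath(perm.getName());
            if (target == null) {
                throw new SecurityException("wildcard file access is not allowed: " + perm.getName());
            }
            boolean writing = actions.contains("write") || actions.contains("delete");
            if (writing && !target.startsWith(sandboxDir)) {
                throw new SecurityException("write outside sandbox: " + target);
            }
            if (!writing && readableRoots.stream().noneMatch(target::startsWith)) {
                throw new SecurityException("read outside sandbox: " + target);
            }
        }

        /** Maps a FilePermission name ("dir/-", "dir/*", "<<ALL FILES>>") to a path, or null. */
        private static Path toPath(String name) {
            if (name.equals("<<ALL FILES>>")) return null;
            if (name.endsWith(File.separator + "-") || name.endsWith(File.separator + "*")) {
                name = name.substring(0, name.length() - 2);
            }
            return Paths.get(name).toAbsolutePath().normalize();
        }
    }

    /** Stand-in for the untrusted code: tries each escape the question worries about. */
    static final class UntrustedCode implements Runnable {
        interface Action { void run() throws Exception; }
        private final Path sandboxDir;
        UntrustedCode(Path sandboxDir) { this.sandboxDir = sandboxDir; }

        @Override
        public void run() {
            attempt("replace security manager", () -> System.setSecurityManager(null));
            attempt("spawn a process", () -> Runtime.getRuntime().exec("id"));
            attempt("write outside sandbox", () -> Files.write(
                    Paths.get(System.getProperty("java.io.tmpdir"), "escape.txt"),
                    "x".getBytes(StandardCharsets.UTF_8)));
            attempt("write inside sandbox", () -> Files.write(
                    sandboxDir.resolve("ok.txt"), "hello".getBytes(StandardCharsets.UTF_8)));
        }

        private static void attempt(String what, Action action) {
            try {
                action.run();
                System.out.println("ALLOWED: " + what);
            } catch (SecurityException e) {
                System.out.println("DENIED:  " + what + " (" + e.getMessage() + ")");
            } catch (Exception e) {
                System.out.println("FAILED:  " + what + " (" + e + ")");
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Create the sandbox directory before installing the manager, while the host is unconstrained.
        Path sandboxDir = Files.createTempDirectory("sandbox");
        System.setSecurityManager(new SandboxManager(sandboxDir));
        new UntrustedCode(sandboxDir).run();
    }
}
```

Run it with `java SandboxDemo.java` (add `-Djava.security.manager=allow` on JDK 18 or later). The three escapes (replacing the manager, spawning a process, writing outside the sandbox) are reported as DENIED with the SecurityException message, and only the write inside the sandbox directory is ALLOWED. The AccessControlException from the question would also work here, since it is a subclass of SecurityException, but plain SecurityException is what the JDK documents for a denied checkPermission().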