Pierre

Reputation: 35306

Nashorn/jjs security: executing a user's script on server side

I'm writing an application where the user can provide a custom JavaScript function to filter a file on the server side using Nashorn/jjs:

cat /etc/js/library.js user.js > tmp.js && 
cat /path/to/input.txt | jjs --language=es6 -doe -J-Djava.security.manager tmp.js > /path/to/output.txt &&
rm tmp.js

I know that the user could write an infinite loop to fill my disk:

for(;;) print("#####");

But is -J-Djava.security.manager sufficient to prevent him from reading/writing a file on the filesystem?

Thanks.

Upvotes: 0

Views: 519

Answers (1)

A. Sundararajan

Reputation: 4405

You're right. Once you set the Java security manager, your scripts are "sandboxed". Unless you write an explicit security policy where you grant specific permissions to specific scripts, only sandbox permissions are given to scripts. You can safely run insecure scripts. To grant specific permissions to specific scripts, you need to load the scripts from trusted URLs and use those URLs in the security policy.

See also: https://wiki.openjdk.java.net/display/Nashorn/Nashorn+script+security+permissions

Upvotes: 2
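The following wrapper is an added example, not code from the question or the answer. It turns the question's pipeline into a sandboxed run that follows the policy model the answer links to: a policy file keyed by the URL the trusted script is loaded from, the user's script kept as a separate file so it never shares the library's code source, plus a probe script that verifies the sandbox really refuses file reads, file writes and process execution. The paths /etc/js/library.js, /etc/js/nashorn.policy and /srv/data are hypothetical; the script assumes jjs and coreutils' timeout(1) are on PATH.

```shell
#!/bin/sh
# Added example (not from the question or the answer): a hardened replacement
# for "cat library.js user.js > tmp.js && jjs ... tmp.js".
# Hypothetical paths: /etc/js/library.js (trusted), /etc/js/nashorn.policy, /srv/data.

POLICY_FILE="${POLICY_FILE:-/etc/js/nashorn.policy}"   # assumed location

# Policy granting extra permissions only to the trusted library, keyed by the
# URL it is loaded from. user.js is never listed, so it keeps the default
# sandbox permissions. A single '=' in -Djava.security.policy adds this file to
# the JDK's default policy; '==' would replace the default policy entirely.
write_policy() {
  cat > "$1" <<'EOF'
grant codeBase "file:/etc/js/library.js" {
    permission java.io.FilePermission "/srv/data/-", "read";
};
EOF
}

# Constructed Nashorn probe: each attempt must end in
# java.security.AccessControlException under the security manager. An uncaught
# error at the end makes jjs exit non-zero, so this doubles as a deployment check.
write_probe() {
  cat > "$1" <<'EOF'
var failures = 0;
function attempt(name, fn) {
  try {
    fn();
    print("FAIL " + name + " was allowed");
    failures++;
  } catch (e) {
    // expected: java.security.AccessControlException: access denied ...
    print("ok   " + name + " -> " + e);
  }
}
attempt("read  /etc/passwd",        function () { new java.io.FileReader("/etc/passwd"); });
attempt("write /tmp/nashorn-probe", function () { new java.io.FileWriter("/tmp/nashorn-probe"); });
attempt("exec  id",                 function () { java.lang.Runtime.getRuntime().exec("id"); });
if (failures > 0) { throw new Error(failures + " sandbox check(s) failed"); }
EOF
}

# Run the trusted library and the user's script as two separate files in one
# jjs session (jjs evaluates its script arguments in order, in one global scope)
# instead of concatenating them: a merged tmp.js has a single code source, so a
# grant meant for library.js would apply to the user's code as well.
# usage: run_sandboxed library.js user.js input.txt output.txt
run_sandboxed() {
  lib=$1; user=$2; input=$3; output=$4
  command -v jjs >/dev/null 2>&1 || { echo "jjs not found on PATH" >&2; return 127; }
  (
    # Cap the size of any file written by this subshell (units are shell
    # dependent, see ulimit(1)) so for(;;) print() hits a limit instead of
    # filling the disk, and bound the run time with timeout(1).
    ulimit -f 20480
    exec timeout 30 jjs --language=es6 -doe \
      -J-Djava.security.manager \
      -J-Djava.security.policy="$POLICY_FILE" \
      "$lib" "$user" < "$input" > "$output"
  )
}
```

Run the probe once at deployment time (`write_probe probe.js && run_sandboxed /etc/js/library.js probe.js /dev/null probe.out; echo $?`) to confirm the three attempts are denied on the installed JDK. One caveat on the policy grant: Java's access check inspects every protection domain on the call stack, so when library code is invoked from the user's function the user's domain is on the stack too and the read is still denied; the grant only helps work the library does before handing control to user code.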
