Jim

Reputation: 2161

Stopping Hostile Threads in JVM

I'm writing a server, which may be running hostile code. To prevent an attacker from throwing a thread into an infinite loop, I want to enforce a one-second execution time limit.

An InterruptedException can be caught inside an infinite loop, thus allowing an attacker to retain control of the thread. Thus Thread.interrupt() is not an acceptable solution.

My current implementation prevents hostile threads from acquiring any resources (including locks), uses Thread.stop() to terminate execution, and reverts any changes made by the thread. My main complaint is that it uses the deprecated Thread.stop() method; I don't like using deprecated code.

I'm wondering if there is a more industry-accepted solution, short of launching/killing an entirely new JVM, which would have too much overhead for my purposes.

Upvotes: 2

Views: 400

Answers (2)

You cannot guarantee that a thread can be stopped, as several blocking methods (like sockets) do not respond to interrupt().

I would suggest a very strict security manager so you can be absolutely certain that the malicious code is sandboxed. If you need to be certain then consider a special classloader which ensures that only valid operations are being done.

Upvotes: 2

Peter Lawrey

Reputation: 533520

The only way to kill a thread is to use a separate process and kill that process. Thread.stop() throws a ThreadDeath error, which can be caught and ignored, i.e. catch(Throwable t) {}

For more details on what Thread.stop() actually does, see: Does Thread.stop() really stop a Thread?

Upvotes: 5
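
The separate-process approach from the answer above, as an added example that is not code from the question or either answer: a parent JVM starts the untrusted work in a child JVM and kills the child at the operating-system level once a one-second deadline passes. The class name `IsolatedRunner`, the `worker` argument and the `hostileLoop` stand-in are assumptions made for illustration.

```java
import java.io.File;
import java.util.concurrent.TimeUnit;

public class IsolatedRunner {
    // Constructed stand-in for hostile code: it swallows every Throwable, so
    // neither interrupt() nor the ThreadDeath thrown by Thread.stop() ends it.
    static void hostileLoop() {
        while (true) {
            try {
                Thread.sleep(10);
            } catch (Throwable t) {
                // deliberately ignored
            }
        }
    }

    // Runs this class in "worker" mode inside a child JVM and enforces a deadline.
    // The deadline includes the child's JVM start-up time.
    // Returns the child's exit code, or -1 if the child had to be killed.
    static int runWithDeadline(long timeout, TimeUnit unit) throws Exception {
        String javaBin = System.getProperty("java.home")
                + File.separator + "bin" + File.separator + "java";
        Process child = new ProcessBuilder(
                javaBin, "-cp", System.getProperty("java.class.path"),
                IsolatedRunner.class.getName(), "worker")
                .inheritIO()
                .start();
        if (child.waitFor(timeout, unit)) {
            return child.exitValue();      // finished within the deadline
        }
        child.destroyForcibly();           // OS-level kill; no catch block in the child runs
        child.waitFor();                   // reap the process before returning
        return -1;
    }

    public static void main(String[] args) throws Exception {
        if (args.length > 0 && args[0].equals("worker")) {
            hostileLoop();                 // child JVM: never returns on its own
            return;
        }
        long start = System.nanoTime();
        int result = runWithDeadline(1, TimeUnit.SECONDS);
        long ms = TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - start);
        System.out.println("result=" + result + " after " + ms + " ms");
    }
}
```

Compile with `javac IsolatedRunner.java` and start it with `java IsolatedRunner`, so that the compiled class is on the class path the child JVM inherits.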
