| From | "David 'Bombe' Roden" <david.'bombe'.roden@THRWHITE.remove-dii-this> |
|---|---|
| Subject | Creating a Sandbox |
| Message-ID | <5qr7n3F110hqhU1@mid.uni-berlin.de> (permalink) |
| Newsgroups | comp.lang.java.security |
| Date | 2011-04-27 16:07 +0000 |
| Organization | TDS.net |
To: comp.lang.java.programmer

Hi, everyone.

I'm trying to create a sandbox that executes code loaded from a JAR file
with reduced privileges. Unfortunately I'm a bit stuck. Here is what I
tried so far.

a) Created my own CodeSource and ProtectionDomain, used a custom ClassLoader
(extending SecureClassLoader) and gave the ProtectionDomain to the
defineClass class. Then I created an AccessControlContext with the
ProtectionDomain, used the ClassLoader to load a class from a JAR file and
tried to execute a method on the JAR file with the created
AccessControlContext.

b) Installed a Policy that would return a special Permission object when a
CodeSource from a JAR file is handed to getPermissions(). Then I create two
classes from two different JAR files, create AccessControlContexts for each
of them (using their getClass().getProtectionDomain()) and try to execute
the method: when the method on the first class is called,
getPermissions(CodeSource) on my custom policy is called but when I execute
the method of the second class the policy is not asked, even with its
different ProtectionDomain.

So far I have not been successful using these (and other, more desperate)
methods. Is it really so hard to create a sandbox or am I missing some
important point? Also, it's hard to find examples or other documentation on
how to execute code with _less_ privileges; most of the code using
AccessController.doPrivileged() is aimed at executing code with _more_
privileges.

Grateful for any hints,
David
---
* Synchronet * The Whitehouse BBS --- whitehouse.hulds.com --- check it out free usenet!
--- Synchronet 3.15a-Win32 NewsLink 1.92
Time Warp of the Future BBS - telnet://time.synchro.net:24
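
Approach (a) from the post, narrowed to the AccessControlContext step, as an added example that is not part of the original post or of any reply. It assumes a JDK on which a SecurityManager can still be installed (the API is deprecated for removal since Java 17); the class name, the helper `readIn`, the permission set and the allow-all demo policy are constructed for illustration.

```java
import java.security.*;
import java.security.cert.Certificate;
import java.util.PropertyPermission;

public class ReducedPrivilegeDemo {
    // Runs a property read inside the given restricted context; null means denied.
    static String readIn(AccessControlContext acc, String key, boolean nested) {
        PrivilegedAction<String> read = () -> System.getProperty(key);
        // nested == true simulates sandboxed code calling one-arg doPrivileged itself.
        PrivilegedAction<String> body =
                nested ? () -> AccessController.doPrivileged(read) : read;
        try {
            return AccessController.doPrivileged(body, acc);
        } catch (SecurityException denied) {
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed for the demo: the context may read java.version and nothing else.
        Permissions allowed = new Permissions();
        allowed.add(new PropertyPermission("java.version", "read"));
        // Two-argument constructor: static permissions, the Policy is never asked.
        ProtectionDomain domain = new ProtectionDomain(
                new CodeSource(null, (Certificate[]) null), allowed);
        AccessControlContext restricted =
                new AccessControlContext(new ProtectionDomain[] { domain });

        // Grant everything to ordinarily loaded classes so that any denial below
        // comes from the restricted context alone (demo policy, not for real use).
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) {
                return true;
            }
        });
        System.setSecurityManager(new SecurityManager()); // checks need a manager

        System.out.println("java.version: " + readIn(restricted, "java.version", false));
        System.out.println("user.home:    " + readIn(restricted, "user.home", false));
        // The action's class sits in a fully trusted domain, so a nested one-arg
        // doPrivileged() cuts the restricted context off and the read succeeds.
        System.out.println("nested:       " + readIn(restricted, "user.home", true));
    }
}
```

The third call shows why the context by itself does not confine code: the loaded class also has to be defined with a restricted ProtectionDomain, which is what the SecureClassLoader defineClass step in (a) is for.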