| From | "David 'Bombe' Roden" <david.'bombe'.roden@THRWHITE.remove-dii-this> |
|---|---|
| Subject | Creating a Sandbox |
| Message-ID | <5qr7n3F110hqhU1@mid.uni-berlin.de> |
| Newsgroups | comp.lang.java.security |
| Date | Wed, 27 Apr 2011 16:07:53 GMT |
To: comp.lang.java.programmer

Hi, everyone.

I'm trying to create a sandbox that executes code loaded from a JAR file
with reduced privileges. Unfortunately I'm a bit stuck. Here is what I
tried so far.

a) Created my own CodeSource and ProtectionDomain, used a custom ClassLoader
(extending SecureClassLoader) and gave the ProtectionDomain to the
defineClass class. Then I created an AccessControlContext with the
ProtectionDomain, used the ClassLoader to load a class from a JAR file and
tried to execute a method on the JAR file with the created
AccessControlContext.

b) Installed a Policy that would return a special Permission object when a
CodeSource from a JAR file is handed to getPermissions(). Then I create two
classes from two different JAR files, create AccessControlContexts for each
of them (using their getClass().getProtectionDomain()) and try to execute
the method: when the method on the first class is called,
getPermissions(CodeSource) on my custom policy is called but when I execute
the method of the second class the policy is not asked, even with its
different ProtectionDomain.

So far I have not been successful using these (and other, more desperate)
methods. Is it really so hard to create a sandbox or am I missing some
important point? Also, it's hard to find examples or other documentation on
how to execute code with _less_ privileges; most of the code using
AccessController.doPrivileged() is aimed at executing code with _more_
privileges.

Grateful for any hints,
David
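
The reduced-privilege pattern asked about above, as an added example that is not part of the original post: the two-argument form of `AccessController.doPrivileged()` intersects the caller's rights with an `AccessControlContext` built from a `ProtectionDomain` that carries only static permissions. The class name, helper names and the allow-all host `Policy` are constructed for the demo; it assumes a JVM where a `SecurityManager` can still be installed (deprecated for removal since Java 17 by JEP 411, needs `-Djava.security.manager=allow` on 18 to 23, permanently disabled from JDK 24 by JEP 486).

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.PropertyPermission;

public class ReducedPrivilegeDemo {

    // Build a context whose single domain holds exactly the given permissions.
    static AccessControlContext contextWith(Permission... granted) {
        Permissions perms = new Permissions();
        for (Permission p : granted) perms.add(p);
        // Two-argument constructor: the permissions are static, so the
        // installed Policy is never consulted for this domain.
        ProtectionDomain pd = new ProtectionDomain(
                new CodeSource(null, (Certificate[]) null), perms);
        return new AccessControlContext(new ProtectionDomain[] { pd });
    }

    // Run a sensitive call under (caller's rights) intersected with ctx.
    static String readUserHome(AccessControlContext ctx) {
        PrivilegedAction<String> action = () -> System.getProperty("user.home");
        try {
            return AccessController.doPrivileged(action, ctx);
        } catch (AccessControlException e) {
            return "DENIED: " + e.getPermission();
        }
    }

    public static void main(String[] args) {
        // Constructed host policy: every policy-backed domain is fully trusted,
        // so any denial below comes from the restricting context alone.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        // Without an installed SecurityManager no permission check runs at all.
        System.setSecurityManager(new SecurityManager());

        System.out.println(readUserHome(contextWith()));  // empty domain: denied
        System.out.println(readUserHome(
                contextWith(new PropertyPermission("user.home", "read"))));  // granted
    }
}
```

Code defined by a class loader into such a restricted domain is limited in the same way without the explicit context, because its own `ProtectionDomain` is on the call stack for every permission check.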