Running and restricting unsafe code within a safe application

My application (actually a web application) will do the following:
- Obtain Java source code from an untrusted source. One such piece of source code will be a JUnit test class (and another will be the class(es) it is testing).
- Compile the source code in memory, storing the compiled classes into byte[] arrays, using the JSR-199 compiler.
- Load the JUnit test class that was just compiled, using a URLClassLoader.
- Run the JUnit test (using the JUnitCore core class in JUnit 4.4) and report the results to the client.
Since the source code is untrusted, it may do malicious things that I want to prevent. I have wide flexibility in limiting the permissions of the code; for example, I can disallow file reading and writing, network access, etc. However, I do not want to restrict these permissions on my own application, or the JUnit code itself (such as the class JUnitCore, which runs the JUnit test). So the flow will go like this:
1. Allow unrestricted security policy initially.
2. Obtain source code.
3. Compile source code.
4. Apply restricted security policy.
5. Load compiled classes and use JUnitCore to run the JUnit test class. (Loading should be restricted so that static initializers in the unsafe code cannot do harm.)
6. Remove restricted security policy.
7. Report results (in particular, violating the security policy means, "Test failed").
However, my very basic understanding of the security policies in Java is that permission granting within a call stack seems to go the other way; untrusted code is run with a restricted security policy, but it may make a call to a system library, for instance, that runs as a privileged block and has extra permissions that the unsafe calling code does not have. I want to flip that around and say, "My code is okay, but when it executes the method JUnitCore.run, restrict the access of that method". Or, to be even more fine-grained, "My code, and any code from junit-4.4.jar such as JUnitCore, is okay, but somewhere in the bowels of JUnitCore.run, some unsafe code will eventually be called, and I want its access restricted."
I don't even know if this is possible the way I have stated it, and if so, I am having trouble mapping the abstract concepts of a codebase, code signers, etc., on to the specific pieces of code in my project. Someone on another forum suggested that the URLClassLoader used to load the unsafe classes would somehow play the role of a codebase, so that I could state that anything loaded with that class loader should be restricted, but I have not seen a syntax for expressing this in the documentation. Plus, I don't see how using the URLClassLoader used to load the unsafe classes would play a role, since permissions are granted, not denied. It seems that I need a way to map a codebase to the safe code, not the unsafe code, and then grant permissions to the unsafe code.
It seems like it could be as simple as creating a policy file (say, unsafe.policy) with the contents
grant codebase "My Application + supporting classes I wrote + any class in junit-4.4.jar" {
    permission java.security.AllPermission;
};
and running java -Djava.security.manager -Djava.security.policy=unsafe.policy MyApp, except that I don't really know how to specify the codebase, or if it is possible to draw a box around my code + junit-4.4.jar in that way.
Thank you,
Dave
Edited by: pexatus on Aug 10, 2008 12:48 PM

> Have a look at AccessController and AccessControlContext. These are the tools you need for this task.
By "this task", do you mean, "writing a custom SecurityManager"? Or do you mean the more general task of creating a security policy (such as by writing a policy file) to ensure untrusted code does no damage?
I'm sorry to be so slow, but I don't see how to use the two classes you mention for my task. I assume that the only reason I need AccessController is to call AccessController.getContext() to get an instance of AccessControlContext, since the other methods of AccessController don't seem to be what I need. AccessController.checkPermission presumes I have successfully written the security policy already, which is the problem I am trying to solve, and the various AccessController.doPrivileged methods appear to grant extra privileges to code that is called, which is the problem I mentioned earlier: I want certain code that I call to have fewer privileges, rather than more.
Similarly, I do not see any methods in AccessControlContext that could tell me whether the current executing code is trusted or not. It, too, has a checkPermission method that will work if I set up the security policy correctly, which is what I cannot figure out how to do in the first place, and a getDomainCombiner() method. A DomainCombiner has only a single method, which assumes that I already have an array of ProtectionDomain objects. To create a ProtectionDomain, I need to specify a CodeSource, which is, as the documentation indicates, an extension of "the concept of a codebase". It is at this point I get completely lost in the abstract and generic nouns such as domain, codebase, code source, context, and I do not see how to connect them to concrete nouns that I understand such as class file, package, method, etc. Is it the case that I need to create a CodeSource representing the trusted classes? Is there an elegant way to create a CodeSource representing all the classes in a project (say, under a given directory, or contained within a given jar file), short of enumerating them or digging into directories and jar files doing a search? And once I create this CodeSource within my program, what do I do with it to specify that I want my security policy to allow all permissions for the classes represented by the CodeSource, and restricted permissions for all classes outside the CodeSource, regardless of call order? (since trusted code will call untrusted code, and I do not want the permissions of the trusted code to be inherited by the untrusted code)
Again, I am sorry to be so ignorant, and I appreciate the help, but I am simply having trouble connecting the concepts described in the documentation to the specific concrete aspects of my application.
Dave
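
An added example, not part of the original thread or of JUnit: one way to map the abstract terms onto this application. A permission check passes only if every ProtectionDomain on the call stack holds the permission, so classes defined in a domain with no permissions stay restricted even when trusted code such as JUnitCore calls them, and no policy switching (steps 4 and 6) is needed. The class names and the file:/untrusted/ URL are hypothetical, and the sketch assumes a JVM that still allows a SecurityManager (deprecated for removal since Java 17).

```java
import java.net.URL;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Map;
import org.junit.runner.JUnitCore;
import org.junit.runner.Result;

public class SandboxedTestRunner {

    /** Defines the in-memory compiled classes in a domain that holds no permissions. */
    static final class UntrustedLoader extends ClassLoader {
        private final Map<String, byte[]> compiled; // class name -> bytecode
        private final ProtectionDomain sandbox;

        UntrustedLoader(Map<String, byte[]> compiled, ClassLoader parent) throws Exception {
            super(parent); // the parent resolves JUnit and JDK classes
            this.compiled = compiled;
            // Hypothetical marker URL: it only labels where the code came from.
            CodeSource source = new CodeSource(new URL("file:/untrusted/"), (Certificate[]) null);
            // Two-argument constructor = static permissions; the Policy is never
            // consulted for this domain, so the empty set cannot be widened.
            this.sandbox = new ProtectionDomain(source, new Permissions());
        }

        @Override
        protected Class<?> findClass(String name) throws ClassNotFoundException {
            byte[] bytes = compiled.get(name);
            if (bytes == null) throw new ClassNotFoundException(name);
            return defineClass(name, bytes, 0, bytes.length, sandbox);
        }
    }

    /** Grants everything to every other domain (the application, junit-4.4.jar). */
    static final class TrustTheRest extends Policy {
        @Override
        public boolean implies(ProtectionDomain domain, Permission permission) {
            return true;
        }
    }

    /** Call once at startup; the manager stays installed for the life of the JVM. */
    static void install() {
        Policy.setPolicy(new TrustTheRest());
        System.setSecurityManager(new SecurityManager());
    }

    /**
     * Loads and runs one untrusted test class. A denied check inside a test
     * method is recorded by JUnit as a failure; a denied check inside a static
     * initializer makes Class.forName throw ExceptionInInitializerError.
     */
    static Result run(Map<String, byte[]> compiled, String testClassName) throws Exception {
        ClassLoader loader =
                new UntrustedLoader(compiled, SandboxedTestRunner.class.getClassLoader());
        // initialize=true runs static initializers here, with the sandboxed class
        // on the stack, so they are already restricted.
        Class<?> testClass = Class.forName(testClassName, true, loader);
        return new JUnitCore().run(testClass);
    }
}
```

The security manager does not bound CPU time or memory, so an untrusted test that loops forever still needs a timeout or a separate process.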
