UntrustedSecurityManager (CroftSoft Core)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.croftsoft.core.security.manager
Class UntrustedSecurityManager

java.lang.Object
  java.lang.SecurityManager
      com.croftsoft.core.security.manager.UntrustedSecurityManager

public class UntrustedSecurityManager
extends SecurityManager
extends SecurityManager

A generic SecurityManager implementation to host untrusted code loaded over a network. "Untrusted" code is defined as any class that was loaded using a ClassLoader instead of being read in directly from the local classpath.

Implement by including the following as the very first line of the main ( ) method of your application:

 System.setSecurityManager ( new HostSecurityManager ( ) );

Each of the 29 "check" methods of the standard Java 1.1.5 superclass SecurityManager are overridden to just call the reject_untrusted ( ) method. This method simply throws a SecurityException if the superclass method inClassLoader ( ) returns true.

To my knowledge, the only four possible "hostile" actions remaining that untrusted code could still perform on the host when using this implementation of SecurityManager are

attempting to read from the standard input System.in,
writing to the console outputs err and out,
consuming excessive processor time in its single thread, and
consuming memory until an OutOfMemoryError occurs.

Preventing untrusted code from reading from and writing to the standard console could be accomplished by replacing the default IO streams with customized classes that would throw a SecurityException. See System.setErr ( err ), System.setIn ( in ), and System.setOut ( out ).

If the standard console IO stream blocking were implemented, untrusted code would have no method of communication except by calling the methods of other objects within the virtual machine. Further communication (sockets, etc.) to the outside could then be optionally permitted by trusted classes. See SecurityManager.inCheck, SecurityManager.getInCheck ( ), and SecurityManager.getSecurityContext ( ).

Version:: 1999-02-13
Author:: David W. Croft

Field Summary

Fields inherited from class java.lang.SecurityManager
`inCheck`

Constructor Summary
`UntrustedSecurityManager()`

Method Summary
`void`	`checkAccept(String host, int port)`
`void`	`checkAccess(Thread t)`
`void`	`checkAccess(ThreadGroup g)`
`void`	`checkAwtEventQueueAccess()`
`void`	`checkConnect(String host, int port)`
`void`	`checkConnect(String host, int port, Object context)`
`void`	`checkCreateClassLoader()`
`void`	`checkDelete(String file)`
`void`	`checkExec(String cmd)`
`void`	`checkExit(int status)`
`void`	`checkLink(String libname)`
`void`	`checkListen(int port)`
`void`	`checkMemberAccess(Class clazz, int which)`
`void`	`checkMulticast(InetAddress maddr)`
`void`	`checkMulticast(InetAddress maddr, byte ttl)`
`void`	`checkPackageAccess(String pkg)`
`void`	`checkPackageDefinition(String pkg)`
`void`	`checkPrintJobAccess()`
`void`	`checkPropertiesAccess()`
`void`	`checkPropertyAccess(String key)`
`void`	`checkRead(FileDescriptor fd)`
`void`	`checkRead(String file)`
`void`	`checkRead(String file, Object context)`
`void`	`checkSecurityAccess(String action)`
`void`	`checkSetFactory()`
`void`	`checkSystemClipboardAccess()`
`boolean`	`checkTopLevelWindow(Object window)`
`void`	`checkWrite(FileDescriptor fd)`
`void`	`checkWrite(String file)`
`protected void`	`reject_untrusted()` Called by all of the "check" methods to foil untrusted code.

Methods inherited from class java.lang.SecurityManager
`checkPermission, checkPermission, classDepth, classLoaderDepth, currentClassLoader, currentLoadedClass, getClassContext, getInCheck, getSecurityContext, getThreadGroup, inClass, inClassLoader`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail