com.croftsoft.core.security.manager
Class UntrustedSecurityManager

java.lang.Object
  extended by java.lang.SecurityManager
      extended by com.croftsoft.core.security.manager.UntrustedSecurityManager

public class UntrustedSecurityManager
extends SecurityManager

A generic SecurityManager implementation to host untrusted code loaded over a network. "Untrusted" code is defined as any class that was loaded using a ClassLoader instead of being read in directly from the local classpath.

Implement by including the following as the very first line of the main ( ) method of your application:

 System.setSecurityManager ( new UntrustedSecurityManager ( ) );

Each of the 29 "check" methods of the standard Java 1.1.5 superclass SecurityManager is overridden to just call the reject_untrusted ( ) method. That method simply throws a SecurityException if the superclass method inClassLoader ( ) returns true.

To my knowledge, the only four possible "hostile" actions remaining that untrusted code could still perform on the host when using this implementation of SecurityManager are

Preventing untrusted code from reading from and writing to the standard console could be accomplished by replacing the default IO streams with customized classes that would throw a SecurityException. See System.setErr ( err ), System.setIn ( in ), and System.setOut ( out ).

If the standard console IO stream blocking were implemented, untrusted code would have no method of communication except by calling the methods of other objects within the virtual machine. Further communication (sockets, etc.) to the outside could then be optionally permitted by trusted classes. See SecurityManager.inCheck, SecurityManager.getInCheck ( ), and SecurityManager.getSecurityContext ( ).
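The console blocking described above, written out as an added example (not CroftSoft's code): a manager in the spirit of UntrustedSecurityManager plus a guarded PrintStream installed through System.setOut ( out ) and System.setErr ( err ). The class and method names (ConsoleGuardDemo, GuardingSecurityManager, GuardedPrintStream, callerIsUntrusted) are hypothetical; it uses getClassContext ( ) in place of the deprecated inClassLoader ( ), and because SecurityManager was deprecated for removal by JEP 411, JDK 18 and later need -Djava.security.manager=allow for setSecurityManager to succeed.

```java
import java.io.OutputStream;
import java.io.PrintStream;
import java.security.Permission;

public class ConsoleGuardDemo {
    // "Untrusted" as the page defines it: a class whose defining loader is
    // neither the bootstrap loader (null) nor the system/classpath loader.
    static class GuardingSecurityManager extends SecurityManager {
        // Stands in for the deprecated inClassLoader(): walk the call stack and
        // report whether any frame belongs to a class from some other loader.
        // Assumes the untrusted loader's parent is the system loader (the
        // URLClassLoader default), so getClassLoader() below does no permission check.
        public boolean callerIsUntrusted() {
            ClassLoader system = ClassLoader.getSystemClassLoader();
            for (Class<?> c : getClassContext()) {
                ClassLoader cl = c.getClassLoader();
                if (cl != null && cl != system) return true;
            }
            return false;
        }

        // Same role as reject_untrusted(); the JDK's check* methods funnel here.
        @Override public void checkPermission(Permission perm) {
            if (callerIsUntrusted()) throw new SecurityException("untrusted");
        }
    }

    // Console stream that refuses writes while untrusted code is on the stack:
    // the blocking the text suggests for System.setOut / System.setErr.
    static class GuardedPrintStream extends PrintStream {
        private final GuardingSecurityManager sm;

        GuardedPrintStream(OutputStream target, GuardingSecurityManager sm) {
            super(target, true);
            this.sm = sm;
        }

        // print/println reach this method through PrintStream's internal writer.
        @Override public void write(byte[] buf, int off, int len) {
            if (sm.callerIsUntrusted()) throw new SecurityException("untrusted console write");
            super.write(buf, off, len);
        }
    }

    public static void main(String[] args) {
        GuardingSecurityManager sm = new GuardingSecurityManager();
        System.setOut(new GuardedPrintStream(System.out, sm));
        System.setErr(new GuardedPrintStream(System.err, sm));
        System.setSecurityManager(sm);
        System.out.println("trusted caller: console write allowed");
    }
}
```

System.setIn ( in ) can be guarded the same way with an InputStream subclass whose read methods consult callerIsUntrusted ( ).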

Version:
1999-02-13
Author:
David W. Croft

Field Summary
 
Fields inherited from class java.lang.SecurityManager
inCheck
 
Constructor Summary
UntrustedSecurityManager()

Method Summary
 void checkAccept(String host, int port)
 void checkAccess(Thread t)
 void checkAccess(ThreadGroup g)
 void checkAwtEventQueueAccess()
 void checkConnect(String host, int port)
 void checkConnect(String host, int port, Object context)
 void checkCreateClassLoader()
 void checkDelete(String file)
 void checkExec(String cmd)
 void checkExit(int status)
 void checkLink(String libname)
 void checkListen(int port)
 void checkMemberAccess(Class clazz, int which)
 void checkMulticast(InetAddress maddr)
 void checkMulticast(InetAddress maddr, byte ttl)
 void checkPackageAccess(String pkg)
 void checkPackageDefinition(String pkg)
 void checkPrintJobAccess()
 void checkPropertiesAccess()
 void checkPropertyAccess(String key)
 void checkRead(FileDescriptor fd)
 void checkRead(String file)
 void checkRead(String file, Object context)
 void checkSecurityAccess(String action)
 void checkSetFactory()
 void checkSystemClipboardAccess()
 boolean checkTopLevelWindow(Object window)
 void checkWrite(FileDescriptor fd)
 void checkWrite(String file)
 protected void reject_untrusted()
           Called by all of the "check" methods to foil untrusted code.

Methods inherited from class java.lang.SecurityManager
checkPermission, checkPermission, classDepth, classLoaderDepth, currentClassLoader, currentLoadedClass, getClassContext, getInCheck, getSecurityContext, getThreadGroup, inClass, inClassLoader
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

UntrustedSecurityManager

public UntrustedSecurityManager()
Method Detail

reject_untrusted

protected void reject_untrusted()
Called by all of the "check" methods to foil untrusted code.
 if ( inClassLoader ( ) )
   throw new SecurityException ( "untrusted" );
 


checkAccept

public void checkAccept(String host,
                        int port)
Overrides:
checkAccept in class SecurityManager

checkAccess

public void checkAccess(Thread t)
Overrides:
checkAccess in class SecurityManager

checkAccess

public void checkAccess(ThreadGroup g)
Overrides:
checkAccess in class SecurityManager

checkAwtEventQueueAccess

public void checkAwtEventQueueAccess()
Overrides:
checkAwtEventQueueAccess in class SecurityManager

checkConnect

public void checkConnect(String host,
                         int port)
Overrides:
checkConnect in class SecurityManager

checkConnect

public void checkConnect(String host,
                         int port,
                         Object context)
Overrides:
checkConnect in class SecurityManager

checkCreateClassLoader

public void checkCreateClassLoader()
Overrides:
checkCreateClassLoader in class SecurityManager

checkDelete

public void checkDelete(String file)
Overrides:
checkDelete in class SecurityManager

checkExec

public void checkExec(String cmd)
Overrides:
checkExec in class SecurityManager

checkExit

public void checkExit(int status)
Overrides:
checkExit in class SecurityManager

checkLink

public void checkLink(String libname)
Overrides:
checkLink in class SecurityManager

checkListen

public void checkListen(int port)
Overrides:
checkListen in class SecurityManager

checkMemberAccess

public void checkMemberAccess(Class clazz,
                              int which)
Overrides:
checkMemberAccess in class SecurityManager

checkMulticast

public void checkMulticast(InetAddress maddr)
Overrides:
checkMulticast in class SecurityManager

checkMulticast

public void checkMulticast(InetAddress maddr,
                           byte ttl)
Overrides:
checkMulticast in class SecurityManager

checkPackageAccess

public void checkPackageAccess(String pkg)
Overrides:
checkPackageAccess in class SecurityManager

checkPackageDefinition

public void checkPackageDefinition(String pkg)
Overrides:
checkPackageDefinition in class SecurityManager

checkPrintJobAccess

public void checkPrintJobAccess()
Overrides:
checkPrintJobAccess in class SecurityManager

checkPropertiesAccess

public void checkPropertiesAccess()
Overrides:
checkPropertiesAccess in class SecurityManager

checkPropertyAccess

public void checkPropertyAccess(String key)
Overrides:
checkPropertyAccess in class SecurityManager

checkRead

public void checkRead(FileDescriptor fd)
Overrides:
checkRead in class SecurityManager

checkRead

public void checkRead(String file)
Overrides:
checkRead in class SecurityManager

checkRead

public void checkRead(String file,
                      Object context)
Overrides:
checkRead in class SecurityManager

checkSecurityAccess

public void checkSecurityAccess(String action)
Overrides:
checkSecurityAccess in class SecurityManager

checkSetFactory

public void checkSetFactory()
Overrides:
checkSetFactory in class SecurityManager

checkSystemClipboardAccess

public void checkSystemClipboardAccess()
Overrides:
checkSystemClipboardAccess in class SecurityManager

checkTopLevelWindow

public boolean checkTopLevelWindow(Object window)
Overrides:
checkTopLevelWindow in class SecurityManager

checkWrite

public void checkWrite(FileDescriptor fd)
Overrides:
checkWrite in class SecurityManager

checkWrite

public void checkWrite(String file)
Overrides:
checkWrite in class SecurityManager

CroftSoft Javadoc

CroftSoft Core Javadoc (2008-09-28 20:58:02)