001         package com.croftsoft.core.security.manager;
002    
003         import java.io.FileDescriptor;
004         import java.net.InetAddress;
005    
006         /*********************************************************************
007         * A generic <I>SecurityManager</I> implementation to host untrusted
008         * code loaded over a network.  "Untrusted" code is defined as any
009         * class that was loaded using a <I>ClassLoader</I> instead of being
010         * read in directly from the local <I>classpath</I>.
011         *
012         * <P>
013         *
014         * Implement by including the following as the very first line of the
015         * <I>main ( )</I> method of your application:
016         *
017         * <PRE>
018         * System.setSecurityManager ( new HostSecurityManager ( ) );
019         * </PRE>
020         *
021         * <P>
022         *
023         * Each of the 29 "check" methods of the standard Java 1.1.5 superclass
024         * <I>SecurityManager</I> are overridden to just call the
025         * <A HREF="#reject_untrusted">reject_untrusted ( )</A> method.
026         * This method simply throws a <I>SecurityException</I> if the
027         * superclass method <I>inClassLoader ( )</I> returns true.
028         *
029         * <P>
030         *
031         * To my knowledge, the only four possible "hostile" actions remaining
032         * that untrusted code could still perform on the host when using
033         * this implementation of <I>SecurityManager</I> are
034         *
035         * <UL>
036         * <LI> attempting to read from the standard input <I>System.in</I>,
037         * <LI> writing to the console outputs <I>err</I> and <I>out</I>,
038         * <LI> consuming excessive processor time in its single thread, and
039         * <LI> consuming memory until an <I>OutOfMemoryError</I> occurs.
040         * </UL>
041         *
042         * <P>
043         *
044         * Preventing untrusted code from reading from and writing to the
045         * standard console could be accomplished by replacing the default
046         * IO streams with customized classes that would throw a
047         * <I>SecurityException</I>.
048         *
049         * See <I>System.setErr ( err )</I>, <I>System.setIn ( in )</I>, and
050         * <I>System.setOut ( out )</I>.
051         *
052         * <P>
053         *
054         * If the standard console IO stream blocking were implemented,
055         * untrusted code would have no method of communication except by
056         * calling the methods of other objects within the virtual machine.
057         * Further communication (sockets, etc.) to the outside could then be
058         * optionally permitted by trusted classes.  See
059         * <I>SecurityManager.inCheck</I>,
060         * <I>SecurityManager.getInCheck ( )</I>, and
061         * <I>SecurityManager.getSecurityContext ( )</I>.
062         *
063         * @author
064         *   <A HREF="http://www.alumni.caltech.edu/~croft">David W. Croft</A>
065         * @version
066         *   1999-02-13
067         *********************************************************************/
068    
069         public class  UntrustedSecurityManager extends SecurityManager
070         //////////////////////////////////////////////////////////////////////
071         //////////////////////////////////////////////////////////////////////
072         {
073    
074         /*********************************************************************
075         * Called by all of the "check" methods to foil untrusted code.
076         * <PRE>
077         * if ( inClassLoader ( ) )
078         *   throw new SecurityException ( "untrusted" );
079         * </PRE>
080         *********************************************************************/
081         protected void  reject_untrusted ( )
082         //////////////////////////////////////////////////////////////////////
083         {
084           if ( inClassLoader ( ) )
085             throw new SecurityException ( "untrusted" );
086         }
087    
088         //////////////////////////////////////////////////////////////////////
089         // Check methods
090         //////////////////////////////////////////////////////////////////////
091    
092         public void  checkAccept ( String  host, int  port )
093           { reject_untrusted ( ); }
094    
095         public void  checkAccess ( Thread  t )
096           { reject_untrusted ( ); }
097    
098         public void  checkAccess ( ThreadGroup  g )
099           { reject_untrusted ( ); }
100    
101         public void  checkAwtEventQueueAccess ( )
102           { reject_untrusted ( ); }
103    
104         public void  checkConnect ( String  host, int  port )
105           { reject_untrusted ( ); }
106    
107         public void  checkConnect ( String  host, int  port, Object  context )
108           { reject_untrusted ( ); }
109    
110         public void  checkCreateClassLoader ( )
111           { reject_untrusted ( ); }
112    
113         public void  checkDelete ( String  file )
114           { reject_untrusted ( ); }
115    
116         public void  checkExec ( String  cmd )
117           { reject_untrusted ( ); }
118    
119         public void  checkExit ( int  status )
120           { reject_untrusted ( ); }
121    
122         public void  checkLink ( String  libname )
123           { reject_untrusted ( ); }
124    
125         public void  checkListen ( int  port )
126           { reject_untrusted ( ); }
127    
128         public void  checkMemberAccess ( Class  clazz, int  which )
129           { reject_untrusted ( ); }
130    
131         public void  checkMulticast ( InetAddress  maddr )
132           { reject_untrusted ( ); }
133    
134         public void  checkMulticast ( InetAddress  maddr, byte  ttl )
135           { reject_untrusted ( ); }
136    
137         public void  checkPackageAccess ( String  pkg )
138           { reject_untrusted ( ); }
139    
140         public void  checkPackageDefinition ( String  pkg )
141           { reject_untrusted ( ); }
142    
143         public void  checkPrintJobAccess ( )
144           { reject_untrusted ( ); }
145    
146         public void  checkPropertiesAccess ( )
147           { reject_untrusted ( ); }
148    
149         public void  checkPropertyAccess ( String  key )
150           { reject_untrusted ( ); }
151    
152         public void  checkRead ( FileDescriptor  fd )
153           { reject_untrusted ( ); }
154    
155         public void  checkRead ( String  file )
156           { reject_untrusted ( ); }
157    
158         public void  checkRead ( String  file, Object  context )
159           { reject_untrusted ( ); }
160    
161         public void  checkSecurityAccess ( String  action )
162           { reject_untrusted ( ); }
163    
164         public void  checkSetFactory ( )
165           { reject_untrusted ( ); }
166    
167         public void  checkSystemClipboardAccess ( )
168           { reject_untrusted ( ); }
169    
170         public boolean  checkTopLevelWindow ( Object  window )
171           { reject_untrusted ( ); return true; }
172    
173         public void  checkWrite ( FileDescriptor  fd )
174           { reject_untrusted ( ); }
175    
176         public void  checkWrite ( String  file )
177           { reject_untrusted ( ); }
178    
179         //////////////////////////////////////////////////////////////////////
180         //////////////////////////////////////////////////////////////////////
181         }