001 package com.croftsoft.core.security.manager; 002 003 import java.io.FileDescriptor; 004 import java.net.InetAddress; 005 006 /********************************************************************* 007 * A generic <I>SecurityManager</I> implementation to host untrusted 008 * code loaded over a network. "Untrusted" code is defined as any 009 * class that was loaded using a <I>ClassLoader</I> instead of being 010 * read in directly from the local <I>classpath</I>. 011 * 012 * <P> 013 * 014 * Implement by including the following as the very first line of the 015 * <I>main ( )</I> method of your application: 016 * 017 * <PRE> 018 * System.setSecurityManager ( new HostSecurityManager ( ) ); 019 * </PRE> 020 * 021 * <P> 022 * 023 * Each of the 29 "check" methods of the standard Java 1.1.5 superclass 024 * <I>SecurityManager</I> are overridden to just call the 025 * <A HREF="#reject_untrusted">reject_untrusted ( )</A> method. 026 * This method simply throws a <I>SecurityException</I> if the 027 * superclass method <I>inClassLoader ( )</I> returns true. 028 * 029 * <P> 030 * 031 * To my knowledge, the only four possible "hostile" actions remaining 032 * that untrusted code could still perform on the host when using 033 * this implementation of <I>SecurityManager</I> are 034 * 035 * <UL> 036 * <LI> attempting to read from the standard input <I>System.in</I>, 037 * <LI> writing to the console outputs <I>err</I> and <I>out</I>, 038 * <LI> consuming excessive processor time in its single thread, and 039 * <LI> consuming memory until an <I>OutOfMemoryError</I> occurs. 040 * </UL> 041 * 042 * <P> 043 * 044 * Preventing untrusted code from reading from and writing to the 045 * standard console could be accomplished by replacing the default 046 * IO streams with customized classes that would throw a 047 * <I>SecurityException</I>. 048 * 049 * See <I>System.setErr ( err )</I>, <I>System.setIn ( in )</I>, and 050 * <I>System.setOut ( out )</I>. 051 * 052 * <P> 053 * 054 * If the standard console IO stream blocking were implemented, 055 * untrusted code would have no method of communication except by 056 * calling the methods of other objects within the virtual machine. 057 * Further communication (sockets, etc.) to the outside could then be 058 * optionally permitted by trusted classes. See 059 * <I>SecurityManager.inCheck</I>, 060 * <I>SecurityManager.getInCheck ( )</I>, and 061 * <I>SecurityManager.getSecurityContext ( )</I>. 062 * 063 * @author 064 * <A HREF="http://www.alumni.caltech.edu/~croft">David W. Croft</A> 065 * @version 066 * 1999-02-13 067 *********************************************************************/ 068 069 public class UntrustedSecurityManager extends SecurityManager 070 ////////////////////////////////////////////////////////////////////// 071 ////////////////////////////////////////////////////////////////////// 072 { 073 074 /********************************************************************* 075 * Called by all of the "check" methods to foil untrusted code. 076 * <PRE> 077 * if ( inClassLoader ( ) ) 078 * throw new SecurityException ( "untrusted" ); 079 * </PRE> 080 *********************************************************************/ 081 protected void reject_untrusted ( ) 082 ////////////////////////////////////////////////////////////////////// 083 { 084 if ( inClassLoader ( ) ) 085 throw new SecurityException ( "untrusted" ); 086 } 087 088 ////////////////////////////////////////////////////////////////////// 089 // Check methods 090 ////////////////////////////////////////////////////////////////////// 091 092 public void checkAccept ( String host, int port ) 093 { reject_untrusted ( ); } 094 095 public void checkAccess ( Thread t ) 096 { reject_untrusted ( ); } 097 098 public void checkAccess ( ThreadGroup g ) 099 { reject_untrusted ( ); } 100 101 public void checkAwtEventQueueAccess ( ) 102 { reject_untrusted ( ); } 103 104 public void checkConnect ( String host, int port ) 105 { reject_untrusted ( ); } 106 107 public void checkConnect ( String host, int port, Object context ) 108 { reject_untrusted ( ); } 109 110 public void checkCreateClassLoader ( ) 111 { reject_untrusted ( ); } 112 113 public void checkDelete ( String file ) 114 { reject_untrusted ( ); } 115 116 public void checkExec ( String cmd ) 117 { reject_untrusted ( ); } 118 119 public void checkExit ( int status ) 120 { reject_untrusted ( ); } 121 122 public void checkLink ( String libname ) 123 { reject_untrusted ( ); } 124 125 public void checkListen ( int port ) 126 { reject_untrusted ( ); } 127 128 public void checkMemberAccess ( Class clazz, int which ) 129 { reject_untrusted ( ); } 130 131 public void checkMulticast ( InetAddress maddr ) 132 { reject_untrusted ( ); } 133 134 public void checkMulticast ( InetAddress maddr, byte ttl ) 135 { reject_untrusted ( ); } 136 137 public void checkPackageAccess ( String pkg ) 138 { reject_untrusted ( ); } 139 140 public void checkPackageDefinition ( String pkg ) 141 { reject_untrusted ( ); } 142 143 public void checkPrintJobAccess ( ) 144 { reject_untrusted ( ); } 145 146 public void checkPropertiesAccess ( ) 147 { reject_untrusted ( ); } 148 149 public void checkPropertyAccess ( String key ) 150 { reject_untrusted ( ); } 151 152 public void checkRead ( FileDescriptor fd ) 153 { reject_untrusted ( ); } 154 155 public void checkRead ( String file ) 156 { reject_untrusted ( ); } 157 158 public void checkRead ( String file, Object context ) 159 { reject_untrusted ( ); } 160 161 public void checkSecurityAccess ( String action ) 162 { reject_untrusted ( ); } 163 164 public void checkSetFactory ( ) 165 { reject_untrusted ( ); } 166 167 public void checkSystemClipboardAccess ( ) 168 { reject_untrusted ( ); } 169 170 public boolean checkTopLevelWindow ( Object window ) 171 { reject_untrusted ( ); return true; } 172 173 public void checkWrite ( FileDescriptor fd ) 174 { reject_untrusted ( ); } 175 176 public void checkWrite ( String file ) 177 { reject_untrusted ( ); } 178 179 ////////////////////////////////////////////////////////////////////// 180 ////////////////////////////////////////////////////////////////////// 181 }