[jruby-dev] [jira] Created: (JRUBY-5206) Better handling if suppressAccessChecks is not permitted (regression)

Mon, 22 Nov 2010 17:02:15 -0800 

Better handling if suppressAccessChecks is not permitted (regression)
---------------------------------------------------------------------

                 Key: JRUBY-5206
                 URL: http://jira.codehaus.org/browse/JRUBY-5206
             Project: JRuby
          Issue Type: Improvement
          Components: Java Integration
    Affects Versions: JRuby 1.1.3
            Reporter: Trejkaz
            Assignee: Charles Oliver Nutter
             Fix For: JRuby 1.4


I am writing a restrictive script runner and would like to deny scripts from 
calling methods which they cannot conventionally access.

So I wrote a wrapper which does not grant the "suppressAccessChecks" 
RuntimePermission, but this causes JRuby to bomb out completely:

{noformat}
java.security.AccessControlException: access denied 
(java.lang.reflect.ReflectPermission suppressAccessChecks)
        at 
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
        at 
java.security.AccessController.checkPermission(AccessController.java:546)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at 
java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
        at org.jruby.javasupport.JavaMethod.<init>(JavaMethod.java:90)
        at org.jruby.javasupport.JavaMethod.create(JavaMethod.java:97)
        at 
org.jruby.javasupport.JavaClass$MethodCallback.createJavaMethods(JavaClass.java:296)
        at 
org.jruby.javasupport.JavaClass$InstanceMethodInvoker.execute(JavaClass.java:385)
        at 
org.jruby.internal.runtime.methods.SimpleCallbackMethod.call(SimpleCallbackMethod.java:67)
        at 
org.jruby.internal.runtime.methods.DynamicMethod.call(DynamicMethod.java:224)
        at 
org.jruby.internal.runtime.methods.DynamicMethod.call(DynamicMethod.java:201)
        at 
org.jruby.runtime.CallSite$InlineCachingCallSite.cacheAndCall(CallSite.java:123)
        at 
org.jruby.runtime.CallSite$InlineCachingCallSite.call(CallSite.java:333)
        at org.jruby.ast.CallNoArgNode.interpret(CallNoArgNode.java:61)
        at org.jruby.ast.WhileNode.interpret(WhileNode.java:124)
        at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:101)
        at org.jruby.ast.BlockNode.interpret(BlockNode.java:67)
        at 
org.jruby.internal.runtime.methods.DefaultMethod.interpretedCall(DefaultMethod.java:171)
        <cut>
{noformat}

I think it would be better if it could work in this situation, but provide 
access to less methods.


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email

Reply via email to