I now have a security manager which more or less does what I mentioned in my
earlier posts. It's integrated into JServ; I now have entries like these in my
jserv.properties:

# -- SecurityManager --
# Allows you to introduce an additional level of security in your setup
#
# Name of the Security Manager (if not set, no SecurityManager is set)
security.manager.name=chroot
# Name of the Configurable SecurityManager class
security.manager.chroot.class=org.apache.java.lang.JailSecurityManager
# Allowed to read from files starting with this canonical path
security.manager.chroot.init.readroot=/usr/java/ext/
security.manager.chroot.init.readroot=/etc/java/
security.manager.chroot.init.readroot=/usr/java/zipjar/
security.manager.chroot.init.readroot=/usr/java/classes/
security.manager.chroot.init.readroot=/usr/local/www/
# Allowed to write on files starting with this canonical path
security.manager.chroot.init.writeroot=/usr/tmp/
# Ports denied to connect to
security.manager.chroot.init.deniedport=21
security.manager.chroot.init.deniedport=22
security.manager.chroot.init.deniedport=23
# Hosts denied to connect to
security.manager.chroot.init.deniedhost=10.0.0.2
security.manager.chroot.init.deniedhost=10.0.0.3

The security.manager.chroot.class class is a SecurityManager which
implements Configurable, an interface which just contains one method:
configure(Configurations conf)

A summary of what it does:

- Allows binding to the JServ port, as configured in jserv.properties
- Allows file read access to multiple specified canonical paths
- Allows file write access to multiple specified canonical paths
- Denies connection to multiple specified ports (at least 22 and 23
suggested)
- Denies connection to multiple specified hosts
- Allows linking to multiple specified libraries
- Disallows executing external code
- Allows several other things

I'm still playing with the configuration parameter names and refining other
aspects (there may still be subtle ways which in certain cases could be used to
bypass this security). Currently, this stuff has performed well on test
sites, and I'm just putting it on our production sites.

The present system required two trivial modifications of JServ.java, and
adding two classes (JailSecurityManager and Configurable). To have a more
flexible security system would require more modifications to JServ, which
I'll try to do if I have time :-\

What about integrating this simple SecurityManager infrastructure into
JServ?

Carlos



--
----------------------------------------------------------
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
Archives and Other:  <http://java.apache.org/main/mail.html>
Problems?:           [EMAIL PROTECTED]
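As an added example (not Carlos's code and not JServ's JailSecurityManager), here is a SecurityManager that implements the behaviour the post describes: read and write roots compared on canonical paths, denied ports and hosts, listening only on the JServ port, no exec. The small key/value parser stands in for JServ's Configurations class and the port 8007 used as the JServ port are assumptions; the configuration text is constructed to mirror the entries in the post.

```java
import java.io.File;
import java.io.IOException;
import java.security.Permission;
import java.util.ArrayList;
import java.util.List;

// Added example modelled on the post, not JServ's own class. The parser below stands in
// for JServ's Configurations (assumption). java.lang.SecurityManager is deprecated for
// removal since Java 17; on Java 18+ installing one needs -Djava.security.manager=allow.
@SuppressWarnings("removal")
public class JailSecurityManagerExample extends SecurityManager {
    private final List<String> readRoots = new ArrayList<>();
    private final List<String> writeRoots = new ArrayList<>();
    private final List<Integer> deniedPorts = new ArrayList<>();
    private final List<String> deniedHosts = new ArrayList<>();
    private final int jservPort;
    // Re-entrancy guard: class loading triggered inside a check can call checkRead again.
    private final ThreadLocal<Boolean> inCheck = ThreadLocal.withInitial(() -> false);

    public JailSecurityManagerExample(String propertiesText, int jservPort) throws IOException {
        this.jservPort = jservPort;
        // Minimal parser that keeps repeated keys, as the post's jserv.properties relies on.
        for (String raw : propertiesText.split("\n")) {
            String line = raw.trim();
            int eq = line.indexOf('=');
            if (line.isEmpty() || line.startsWith("#") || eq < 0) continue;
            String key = line.substring(0, eq).trim(), val = line.substring(eq + 1).trim();
            switch (key) {
                case "security.manager.chroot.init.readroot":   readRoots.add(canonicalDir(val)); break;
                case "security.manager.chroot.init.writeroot":  writeRoots.add(canonicalDir(val)); break;
                case "security.manager.chroot.init.deniedport": deniedPorts.add(Integer.parseInt(val)); break;
                case "security.manager.chroot.init.deniedhost": deniedHosts.add(val); break;
                default: break;
            }
        }
    }

    // Canonicalise a root once and force a trailing separator, so /usr/tmp/ does not match /usr/tmpfoo.
    private static String canonicalDir(String path) throws IOException {
        String c = new File(path).getCanonicalPath();
        return c.endsWith(File.separator) ? c : c + File.separator;
    }

    // True if the canonical form of file lies under one of the roots. Canonicalisation resolves
    // ".." and symlinks, so /usr/local/www/../../../etc/passwd is compared as /etc/passwd.
    private static boolean under(String file, List<String> roots) {
        try {
            String c = new File(file).getCanonicalPath() + File.separator;
            for (String root : roots) if (c.startsWith(root)) return true;
            return false;
        } catch (IOException e) {
            return false; // cannot canonicalise: deny
        }
    }

    private void guarded(Runnable check) {
        if (inCheck.get()) return; // nested check (e.g. class loading) is let through to avoid recursion
        inCheck.set(true);
        try { check.run(); } finally { inCheck.set(false); }
    }

    @Override public void checkRead(String file) {
        guarded(() -> { if (!under(file, readRoots)) throw new SecurityException("read denied: " + file); });
    }
    @Override public void checkWrite(String file) {
        guarded(() -> { if (!under(file, writeRoots)) throw new SecurityException("write denied: " + file); });
    }
    @Override public void checkConnect(String host, int port) {
        if (port == -1) return; // -1 is a name-resolution request, not a connection
        if (deniedPorts.contains(port)) throw new SecurityException("port denied: " + port);
        if (deniedHosts.contains(host)) throw new SecurityException("host denied: " + host);
    }
    // The 3-argument variant must be overridden too, or the permissive checkPermission below bypasses it.
    @Override public void checkConnect(String host, int port, Object context) { checkConnect(host, port); }
    @Override public void checkListen(int port) {
        if (port != jservPort) throw new SecurityException("listen denied on port " + port);
    }
    @Override public void checkExec(String cmd) { throw new SecurityException("exec denied: " + cmd); }
    // Everything else is allowed (the post's "allows several other things"): a deny-list manager.
    @Override public void checkPermission(Permission perm) { }
    @Override public void checkPermission(Permission perm, Object context) { }

    public static void main(String[] args) throws IOException {
        // Constructed configuration mirroring the post's entries; 8007 is the assumed JServ port.
        String conf = String.join("\n",
            "security.manager.chroot.init.readroot=/usr/local/www/",
            "security.manager.chroot.init.writeroot=/usr/tmp/",
            "security.manager.chroot.init.deniedport=22",
            "security.manager.chroot.init.deniedhost=10.0.0.2");
        JailSecurityManagerExample sm = new JailSecurityManagerExample(conf, 8007);
        sm.checkRead("/usr/local/www/index.html");                              // allowed
        sm.checkListen(8007);                                                   // allowed
        expectDenied(() -> sm.checkRead("/usr/local/www/../../../etc/passwd")); // traversal canonicalised
        expectDenied(() -> sm.checkWrite("/usr/tmpfoo/x"));                     // prefix trick
        expectDenied(() -> sm.checkConnect("10.0.0.2", 80));
        expectDenied(() -> sm.checkConnect("example.org", 22));
        expectDenied(() -> sm.checkExec("/bin/sh"));
        expectDenied(() -> sm.checkListen(8080));
        // System.setSecurityManager(sm); // install for real; Java 18+ needs -Djava.security.manager=allow
    }

    private static void expectDenied(Runnable r) {
        try { r.run(); } catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); return; }
        throw new AssertionError("expected a SecurityException");
    }
}
```

Two of the "subtle ways" the post warns about are visible here: the denied-host list matches the string passed to checkConnect, so a DNS name that resolves to 10.0.0.2 is not caught unless the check also resolves it, and the re-entrancy guard fails open for nested checks, which is what an attacker would look for. A default-deny checkPermission with an explicit allow list is the safer shape, but it needs the policy work the post defers.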