>
> Hi,
>
> I was considering doing a virtual hosting solution
> that allows Apache+JBoss+Tomcat to allow users
> to implement their own webapps. Is there any
> protection from a user putting a "System.exit(0)"
> into their code? Is there a way to prevent this?
>
You can prevent this by not assigning the java.lang.RuntimePermission exitVM to
the code you load. This is a little tedious with the default policy file implementation
because there are no negative permissions, so I would consider implementing a
custom policy or maybe just a custom ClassLoader that removed this permission. Here
is a little example using the default policy file:

bash-2.04$ java -Djava.security.manager -Djava.security.policy==exit.policy -cp . tstExit
Begin BadService.run()
java.security.AccessControlException: access denied (java.lang.RuntimePermission exitVM)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:272)
        at java.security.AccessController.checkPermission(AccessController.java:399)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
        at java.lang.SecurityManager.checkExit(SecurityManager.java:765)
        at java.lang.Runtime.exit(Runtime.java:91)
        at java.lang.System.exit(System.java:701)
        at BadService.run(BadService.java:6)
        at tstExit.main(tstExit.java:15)
End BadService.run()
bash-2.04$

import java.net.*;

class tstExit
{
    public static void main(String[] args)
    {
        System.out.println("Begin BadService.run()");
        try
        {
            // Load the untrusted class from its own jar so that it gets its own
            // code source, which is what the grant in exit.policy matches on.
            URL[] urls = {new URL("file:/tmp/bs.jar")};
            URLClassLoader loader = URLClassLoader.newInstance(urls);
            Class bs = loader.loadClass("BadService");
            Runnable s = (Runnable) bs.newInstance();
            s.run();
        }
        catch(Throwable t)
        {
            // The AccessControlException from the denied System.exit() lands here.
            t.printStackTrace();
        }
        System.out.println("End BadService.run()");
        System.exit(0);
    }
}

bash-2.04$ cat BadService.java
public class BadService implements Runnable
{
    public void run()
    {
        System.exit(0);
    }
}

bash-2.04$ cat exit.policy
grant codeBase "file:/tmp/bs.jar" {
    permission java.util.PropertyPermission "*", "read";
};

bash-2.04$ jar -tf bs.jar
META-INF/
META-INF/MANIFEST.MF
BadService.class
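
The custom-policy alternative mentioned in the reply, as an added example that is not part of the original message: a Policy wrapper that acts as a negative permission for exitVM on hosted code and defers everything else to the policy file. The class name NoExitPolicy and the hostedPrefix parameter are hypothetical, and the code assumes a JDK on which the Security Manager is still supported.

```java
import java.net.URL;
import java.security.*;

// Added example (hypothetical class): vetoes exitVM for hosted code and
// delegates every other decision to the policy that was already installed.
public class NoExitPolicy extends Policy
{
    private final Policy delegate;      // e.g. the default policy-file implementation
    private final String hostedPrefix;  // assumed location of user code, e.g. "file:/tmp/"

    public NoExitPolicy(Policy delegate, String hostedPrefix)
    {
        this.delegate = delegate;
        this.hostedPrefix = hostedPrefix;
    }

    // True when the protection domain's code source lies under the hosted prefix.
    private boolean isHosted(ProtectionDomain pd)
    {
        CodeSource cs = (pd == null) ? null : pd.getCodeSource();
        URL loc = (cs == null) ? null : cs.getLocation();
        return loc != null && loc.toString().startsWith(hostedPrefix);
    }

    public boolean implies(ProtectionDomain pd, Permission p)
    {
        // Newer JDKs name the permission "exitVM.<status>", so match on the prefix.
        // This veto wins even if the policy file grants AllPermission to the jar.
        if (isHosted(pd) && p instanceof RuntimePermission
                && p.getName().startsWith("exitVM"))
            return false;
        return delegate.implies(pd, p);
    }

    public PermissionCollection getPermissions(CodeSource cs) { return delegate.getPermissions(cs); }
    public PermissionCollection getPermissions(ProtectionDomain pd) { return delegate.getPermissions(pd); }
    public void refresh() { delegate.refresh(); }

    // Call once from trusted startup code, before any hosted class is loaded.
    public static void install(String hostedPrefix)
    {
        Policy.setPolicy(new NoExitPolicy(Policy.getPolicy(), hostedPrefix));
        if (System.getSecurityManager() == null)
            System.setSecurityManager(new SecurityManager());
    }
}
```

A policy can only withhold what it would otherwise grant: permissions that a class loader assigns statically to the classes it defines are not revoked by this wrapper, so hosted code has to come from a loader that does not hand out exitVM itself.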