Hi,

We ran into problems using signed bundles with Equinox using the
org.osgi.service.condpermadmin.BundleSignerCondition. We found that bundles
with corrupted resources were started without a SecurityException or something
similar.

When is the BundleSignerCondition evaluated to false? 
Our observation was that
        * unsigned bundles
        * signed bundles with a different signer DN than the one given in the policy
        * signed bundles with a tampered SF file
        * signed bundles with a tampered MF file
are not started by Equinox, due to lack of permission. This is fine so far,
but bundles containing tampered class files were installed and started.

For the same bundle the jarsigner tool coming with the JDK identified the
tampered class file within the bundle and threw a SecurityException
reporting a SHA1-digest error for that certain class file.

Our configuration:
The Equinox framework is started by a launcher class. After starting the
framework, the first bundle started is a bundle to update the security
policy. It gets the
org.osgi.service.condpermadmin.ConditionalPermissionAdmin from the bundle
context and uses its ConditionalPermissionUpdate to commit the update. The
policy in force is this one:

ALLOW { 
        [ org.osgi.service.condpermadmin.BundleLocationCondition
"system:de.company.project.policy/" ]
        (java.security.AllPermission "*" "*")
} "Management Agent Policy"

ALLOW {
   [ org.osgi.service.condpermadmin.BundleSignerCondition
"CN=project,O=company,C=de" ]
   (java.security.AllPermission "*" "*")
} "Bundles Signed by company get AllPermission"

The Java VM is started with the following properties:
-Djava.security.manager 
-Djava.security.policy=all.policy 
-Dorg.osgi.framework.trust.repositories=certificates.ks  
-Dorg.osgi.framework.security="osgi"

Where certificates.ks is a java keystore file containing the certificate for
signature checking and all.policy is a java policy file providing full
permissions:

grant { permission java.security.AllPermission; };

The JRE is jdk1.6.0_30.

Is there a chance to change the configuration to get more restrictive
signature checking?
Thank you
Tobias


_______________________________________________
OSGi Developer Mail List
[email protected]
https://mail.osgi.org/mailman/listinfo/osgi-dev
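The post contrasts a framework that only rejects tampered MF/SF files with jarsigner, which also reports a SHA1-Digest error for a tampered class file. The difference is the first layer of JAR signature verification: MANIFEST.MF carries a per-entry digest, and every entry must be hashed and compared against it. The following added example (not code from the post, from Equinox or from the OSGi project) implements that per-entry digest check in Python over a small constructed jar, and flags entries that are either tampered or absent from the manifest. The sample class bytes and the jar layout are constructed here; the SF-over-MF and signature-block layers that jarsigner also verifies are not part of this example.

```python
import base64
import hashlib
import io
import zipfile

# Manifest digest headers jarsigner writes, mapped to hashlib algorithm names.
DIGEST_ALGS = {"SHA1-Digest": "sha1", "SHA-256-Digest": "sha256"}


def parse_manifest(text):
    """Split MANIFEST.MF into (main_attrs, {entry_name: attrs}).

    Sections are separated by blank lines; a line starting with a single
    space continues the previous header (jarsigner wraps long base64 values).
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    sections, current = [], {}
    for line in lines:
        if line == "":
            if current:
                sections.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    if current:
        sections.append(current)
    main = sections[0] if sections else {}
    entries = {s["Name"]: s for s in sections[1:] if "Name" in s}
    return main, entries


def verify_jar_digests(jar_bytes):
    """Return {entry: status} with status 'ok', 'mismatch', 'unlisted' or 'no-digest'.

    Every non-directory entry outside META-INF/ must be named in the manifest
    and its content must hash to the recorded digest; a listed entry whose
    bytes changed is reported as 'mismatch', an entry added after signing as
    'unlisted'.
    """
    results = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        try:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8")
        except KeyError:
            return {"META-INF/MANIFEST.MF": "missing"}
        _, entries = parse_manifest(manifest)
        for info in zf.infolist():
            name = info.filename
            if name.endswith("/") or name.startswith("META-INF/"):
                continue
            attrs = entries.get(name)
            if attrs is None:
                results[name] = "unlisted"
                continue
            data = zf.read(name)
            status = "no-digest"
            for header, alg in DIGEST_ALGS.items():
                if header in attrs:
                    expected = base64.b64decode(attrs[header])
                    actual = hashlib.new(alg, data).digest()
                    status = "ok" if expected == actual else "mismatch"
                    break
            results[name] = status
    return results


# Constructed sample data: a fake class file and a modified copy of it.
ORIGINAL_CLASS = b"\xca\xfe\xba\xbe" + b"Foo-v1"
TAMPERED_CLASS = b"\xca\xfe\xba\xbe" + b"Foo-v2"


def build_sample_jar(class_bytes, listed=True):
    """Constructed jar whose manifest digest always covers ORIGINAL_CLASS,
    so passing TAMPERED_CLASS simulates a class edited after signing."""
    digest = base64.b64encode(hashlib.sha1(ORIGINAL_CLASS).digest()).decode()
    manifest = "Manifest-Version: 1.0\r\n\r\n"
    if listed:
        manifest += f"Name: com/example/Foo.class\r\nSHA1-Digest: {digest}\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
        zf.writestr("com/example/Foo.class", class_bytes)
    return buf.getvalue()


def demo():
    """Run the check over an intact, a tampered and an unlisted-entry jar."""
    intact = verify_jar_digests(build_sample_jar(ORIGINAL_CLASS))
    tampered = verify_jar_digests(build_sample_jar(TAMPERED_CLASS))
    unlisted = verify_jar_digests(build_sample_jar(ORIGINAL_CLASS, listed=False))
    return intact, tampered, unlisted


if __name__ == "__main__":
    for label, result in zip(("intact", "tampered", "unlisted"), demo()):
        print(label, result)
```

Running the same function over a real bundle (`verify_jar_digests(open("bundle.jar", "rb").read())`) reports exactly the condition jarsigner raised for the post's bundle: a class whose bytes no longer match the manifest digest. Treating any 'mismatch' or 'unlisted' result as a reason not to install is the check a pre-install gate would apply regardless of how the framework's own condition is evaluated.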
