Could you give an example of how malicious code could affect the security of the JVM?
Usually I have a codebase policy like this for each user:
permission java.io.FilePermission "/home/client/public_html/-", "read,write,delete";
I guess that if someone writes a piece of code that tries to access private functions,
static variables, etc. from other libraries in different directories, this policy will
intercept the request and the malicious code will not work. Am I right? Is there a
way that somebody could write code that uses the catalina classes in order to do
something bad ?
On Tue, 27 Jan 2004 12:04:21 -0500, Shapira, Yoav [EMAIL PROTECTED] wrote:
From: Shapira, Yoav [EMAIL PROTECTED]
Date: Tue, 27 Jan 2004 12:04:21 -0500
To: Tomcat Users List [EMAIL PROTECTED]
Subject: RE: Tomcat + Hibernate2 + Security Manager
Howdy,
I know this is a little bit out of topic, but the general concept is useful
for everybody.
I agree this is useful for everyone. Posting off-topic is fine as long
as you mark it by placing [OFF-TOPIC] at the beginning of the subject
line.
Note: I DID test using a codebase like:
grant codeBase "file:/home//client/public_html/WEB-INF/lib/hibernate2.jar!/-" {
but the classes hibernate creates after reflection stop obeying the
security manager.
Yeah, that's too bad. The SuppressAccessChecks permission is dangerous,
if malicious code is running inside your VM.
Yoav Shapira
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
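An added example, not part of the original thread: it evaluates the FilePermission grant quoted above, with and without ReflectPermission "suppressAccessChecks", to show which requests each grant covers. It calls ProtectionDomain.implies directly instead of installing a security manager; the class name PolicyScopeCheck, the helper domain(), and the index.jsp and /home/other paths are constructed for illustration, and Unix-style paths are assumed.

```java
import java.io.FilePermission;
import java.lang.reflect.ReflectPermission;
import java.net.URI;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

public class PolicyScopeCheck {
    // Builds a protection domain holding exactly the permissions passed in,
    // mirroring one "grant codeBase ... { ... }" entry of a policy file.
    static ProtectionDomain domain(String codeBase, Permission... granted) throws Exception {
        Permissions perms = new Permissions();
        for (Permission p : granted) {
            perms.add(p);
        }
        CodeSource cs = new CodeSource(URI.create(codeBase).toURL(), (Certificate[]) null);
        return new ProtectionDomain(cs, perms);
    }

    public static void main(String[] args) throws Exception {
        Permission files = new FilePermission("/home/client/public_html/-", "read,write,delete");
        // Checked by the security manager when code calls setAccessible(true)
        // on a private field or method.
        Permission reflect = new ReflectPermission("suppressAccessChecks");

        String codeBase = "file:/home/client/public_html/-";
        ProtectionDomain fileOnly = domain(codeBase, files);
        ProtectionDomain withReflect = domain(codeBase, files, reflect);

        Permission[] requests = {
            new FilePermission("/home/client/public_html/index.jsp", "read"), // constructed path
            new FilePermission("/home/other/public_html/index.jsp", "read"),  // constructed path
            new FilePermission("/etc/passwd", "read"),
            reflect,
        };
        for (Permission req : requests) {
            System.out.printf("%-72s fileOnly=%-5b withReflect=%b%n",
                    req, fileOnly.implies(req), withReflect.implies(req));
        }
    }
}
```

The FilePermission grant only answers file-access requests under the client's directory; whether code may bypass private/protected access through reflection is decided solely by whether "suppressAccessChecks" is present in the grant.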