Re: Tomcat + Hibernate2 + Security Manager

2004-01-28 Thread Webmaster
Hi !


On Tue, 27 Jan 2004 12:14:16 -0500, Jeanfrancois Arcand [EMAIL PROTECTED] wrote:

 From: Jeanfrancois Arcand [EMAIL PROTECTED]
 Date: Tue, 27 Jan 2004 12:14:16 -0500
 To: Tomcat Users List [EMAIL PROTECTED]
 Subject: Re: Tomcat + Hibernate2 + Security Manager
 
 
 
 Webmaster wrote:
 
 Hi all,
 
 I know this is a little bit out of topic, but the general concept is useful for 
 everybody.
 
 I run tomcat with security manager for a dozen users. Recently, people started to 
 use the hibernate 2 which requires some funky permissions.
 
 I had to put these lines in the 'global' permission to make it work:
 
 grant {
 
 ...
 
   permission java.lang.RuntimePermission "accessDeclaredMembers";
   permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
   permission java.lang.RuntimePermission "defineCGLIBClassInJavaPackage";
 
 ...
 }
 
 Note: I DID test using a codebase like:
 
 grant codeBase "file:/home//client/public_html/WEB-INF/lib/hibernate2.jar!/-" {
 
 
 but the classes hibernate creates after reflection stop obeying the security 
 manager.
   
 
 Do you have the exception? Which Tomcat version are you using?

I'm using 4.1.29. The classes that hibernate creates dynamically are the ones that 
don't follow the codebase anymore, it's like they have a 'null' codebase after they 
are created.

 Are there any security risks on a security setup with those 3 lines for all classes 
 in the JVM ?
   
 
 
 Yes. It will now allow a Servlet to load tomcat internal classes and 
 maybe do malicious things. 

Right now, my clients don't have permissions to read the classes in /server/lib 
directory ( I don't give file io permission to this directory, only to /common/lib ). 
Would that be enough to stop these malicious things ?

 -- Jeanfrancois
 
 
 Thanks
 Renato.
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 
 
   
 
 
 



Re: Tomcat + Hibernate2 + Security Manager

2004-01-28 Thread Jeanfrancois Arcand


Webmaster wrote:

Hi !

On Tue, 27 Jan 2004 12:14:16 -0500, Jeanfrancois Arcand [EMAIL PROTECTED] wrote:

From: Jeanfrancois Arcand [EMAIL PROTECTED]
Date: Tue, 27 Jan 2004 12:14:16 -0500
To: Tomcat Users List [EMAIL PROTECTED]
Subject: Re: Tomcat + Hibernate2 + Security Manager


Webmaster wrote:

   

Hi all,

I know this is a little bit out of topic, but the general concept is useful for everybody.

I run tomcat with security manager for a dozen users. Recently, people started to use the hibernate 2 which requires some funky permissions.

I had to put these lines in the 'global' permission to make it work:

grant {

...

permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.lang.RuntimePermission "defineCGLIBClassInJavaPackage";
...
}
Note: I DID test using a codebase like:

grant codeBase "file:/home//client/public_html/WEB-INF/lib/hibernate2.jar!/-" {


but the classes hibernate creates after reflection stop obeying the security manager.

 

Do you have the exception? Which Tomcat version are you using?
   

I'm using 4.1.29. The classes that hibernate creates dynamically are the ones that don't follow the codebase anymore, it's like they have a 'null' codebase after they are created.

 

Are there any security risks on a security setup with those 3 lines for all classes in the JVM ?

 

Yes. It will now allow a Servlet to load tomcat internal classes and 
maybe do malicious things. 
   

Right now, my clients don't have permissions to read the classes in /server/lib directory ( I don't give file io permission to this directory, only to /common/lib ). Would that be enough to stop these malicious things ?
 

Yes. But you should only grant those permissions to the Hibernate jar 
files, not the entire folder.

-- Jeanfrancois

 

-- Jeanfrancois

   

Thanks
Renato.


RE: Tomcat + Hibernate2 + Security Manager

2004-01-27 Thread Shapira, Yoav

Howdy,

I know this is a little bit out of topic, but the general concept is useful
for everybody.

I agree this is useful for everyone.  Posting off-topic is fine as long
as you mark it by placing [OFF-TOPIC] at the beginning of the subject
line.

Note: I DID test using a codebase like:

grant codeBase "file:/home//client/public_html/WEB-INF/lib/hibernate2.jar!/-" {


but the classes hibernate creates after reflection stop obeying the
security manager.

Yeah, that's too bad.  The SuppressAccessChecks permission is dangerous,
if malicious code is running inside your VM.

Yoav Shapira



This e-mail, including any attachments, is a confidential business communication, and 
may contain information that is confidential, proprietary and/or privileged.  This 
e-mail is intended only for the individual(s) to whom it is addressed, and may not be 
saved, copied, printed, disclosed or used by anyone else.  If you are not the(an) 
intended recipient, please immediately delete this e-mail from your computer system 
and notify the sender.  Thank you.
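
Added example (not part of any message in this thread): a Python check for the concern raised above, which reads a Java policy file and reports whether the three permissions from the quoted global grant are given to all code, to a whole directory, or to a single jar. The sample policy, its paths and the function names are constructed for illustration, and permission targets are written in the double quotes that policy-file syntax requires.

```python
import re

# The three permissions the thread's global grant contains (Hibernate 2 / CGLIB).
SENSITIVE = {("java.lang.RuntimePermission", "accessDeclaredMembers"),
             ("java.lang.reflect.ReflectPermission", "suppressAccessChecks"),
             ("java.lang.RuntimePermission", "defineCGLIBClassInJavaPackage")}
# Quoted strings are matched as units, so "//" in a URL is not read as a comment
# and the braces of ${catalina.home} do not open or close a grant block.
_STR = r'"[^"]*"'
_COMMENT = re.compile(_STR + r'|//[^\n]*|/\*.*?\*/', re.S)
_GRANT = re.compile(r'\bgrant\b((?:%s|[^{"])*)\{((?:%s|[^}"])*)\}' % (_STR, _STR), re.I)
_CODEBASE = re.compile(r'\bcodeBase\s+"([^"]*)"', re.I)
_PERM = re.compile(r'\bpermission\s+([\w.$]+)(?:\s+"([^"]*)")?', re.I)

def scope_of(codebase):
    """'global' = no codeBase, 'directory' = folder-wide URL, 'jar' = one code source."""
    if codebase is None:
        return "global"
    folder = "!/" not in codebase and codebase.endswith(("/-", "/*", "/"))
    return "directory" if folder else "jar"

def audit_policy(text):
    """Return (scope, codeBase, permission name) for each sensitive grant found."""
    text = _COMMENT.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)
    findings = []
    for header, body in _GRANT.findall(text):
        codebase = (_CODEBASE.findall(header) or [None])[0]
        for cls, name in _PERM.findall(body):
            if (cls, name) in SENSITIVE:
                findings.append((scope_of(codebase), codebase, name))
    return findings

# Constructed sample policy; the webapp name and paths are placeholders.
SAMPLE = '''
// global grant: applies to every class in the JVM
grant {
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
grant codeBase "file:${catalina.home}/webapps/example/WEB-INF/lib/-" {
    permission java.lang.RuntimePermission "defineCGLIBClassInJavaPackage";
};
grant codeBase "jar:file:${catalina.home}/webapps/example/WEB-INF/lib/hibernate2.jar!/-" {
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission java.io.FilePermission "/tmp/-", "read";
};
'''

for finding in audit_policy(SAMPLE):
    print(finding)
```

A "jar" finding is the narrowest of the three scopes. The thread reports that classes Hibernate generates at run time did not pick up a jar-scoped grant, so a scoped policy still has to be tested against the application.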





[OT] RE: Tomcat + Hibernate2 + Security Manager

2004-01-27 Thread Webmaster
Could you give an example of how a malicious code could affect the security of the JVM ?

Usually I have a codebase policy like this for each user:

permission java.io.FilePermission "/home/client/public_html/-", "read,write,delete";

I guess that if someone writes a piece of code that tries to access private functions, 
static variables, etc from other libraries in different directories, this policy will 
intercept the request and the malicious code will not work. Am I right ? Is there a 
way that somebody could write code that uses the catalina classes in order to do 
something bad ?


On Tue, 27 Jan 2004 12:04:21 -0500, Shapira, Yoav [EMAIL PROTECTED] wrote:

 From: Shapira, Yoav [EMAIL PROTECTED]
 Date: Tue, 27 Jan 2004 12:04:21 -0500
 To: Tomcat Users List [EMAIL PROTECTED]
 Subject: RE: Tomcat + Hibernate2 + Security Manager
 
 
 Howdy,
 
 I know this is a little bit out of topic, but the general concept is useful
 for everybody.
 
 I agree this is useful for everyone.  Posting off-topic is fine as long
 as you mark it by placing [OFF-TOPIC] at the beginning of the subject
 line.
 
 Note: I DID test using a codebase like:
 
 grant codeBase "file:/home//client/public_html/WEB-INF/lib/hibernate2.jar!/-" {
 
 
 but the classes hibernate creates after reflection stop obeying the
 security manager.
 
 Yeah, that's too bad.  The SuppressAccessChecks permission is dangerous,
 if malicious code is running inside your VM.
 
 Yoav Shapira
 
 
 



RE: [OT] RE: Tomcat + Hibernate2 + Security Manager

2004-01-27 Thread Shapira, Yoav

Howdy,

Could you give an example of how a malicious code could affect the security
of the JVM ?

You mean in general?  How about System.exit()?

Usually I have a codebase policy like this for each user:

permission java.io.FilePermission "/home/client/public_html/-", "read,write,delete";

I guess that if someone writes a piece of code that tries to access private
functions, static variables, etc from other libraries in different
directories, this policy will intercept the request and the malicious code
will not work. Am I right ? Is there a way that somebody could write code
that uses the catalina classes in order to do something bad ?

Your IO permissions are not related to the reflection private access
permission.

Yoav Shapira






Re: Tomcat + Hibernate2 + Security Manager

2004-01-27 Thread Jeanfrancois Arcand


Webmaster wrote:

Hi all,

I know this is a little bit out of topic, but the general concept is useful for everybody.

I run tomcat with security manager for a dozen users. Recently, people started to use the hibernate 2 which requires some funky permissions.

I had to put these lines in the 'global' permission to make it work:

grant {

...

 permission java.lang.RuntimePermission "accessDeclaredMembers";
 permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
 permission java.lang.RuntimePermission "defineCGLIBClassInJavaPackage";
...
}
Note: I DID test using a codebase like:

grant codeBase "file:/home//client/public_html/WEB-INF/lib/hibernate2.jar!/-" {


but the classes hibernate creates after reflection stop obeying the security manager.
 

Do you have the exception? Which Tomcat version are you using?


Are there any security risks on a security setup with those 3 lines for all classes in the JVM ?
 

Yes. It will now allow a Servlet to load tomcat internal classes and 
maybe do malicious things. 

-- Jeanfrancois


Thanks
Renato.


RE: Tomcat + Hibernate2 + Security Manager

2004-01-27 Thread Mike Curwen
FYI: This has also been discussed here:
http://freeroller.net/page/jcarreira/20040126

 -Original Message-
 From: Shapira, Yoav [mailto:[EMAIL PROTECTED] 
 Sent: Tuesday, January 27, 2004 11:04 AM
 To: Tomcat Users List
 Subject: RE: Tomcat + Hibernate2 + Security Manager
 
 
 
 Howdy,
 
 I know this is a little bit out of topic, but the general concept is useful
 for everybody.
 
 I agree this is useful for everyone.  Posting off-topic is 
 fine as long as you mark it by placing [OFF-TOPIC] at the 
 beginning of the subject line.
 
 Note: I DID test using a codebase like:
 
 grant codeBase "file:/home//client/public_html/WEB-INF/lib/hibernate2.jar!/-" {
 
 
 but the classes hibernate creates after reflection stop obeying the 
 security manager.
 
 Yeah, that's too bad.  The SuppressAccessChecks permission is 
 dangerous, if malicious code is running inside your VM.
 
 Yoav Shapira
 
 
 