On Wed, Apr 22, 2009 at 12:41 PM, Felix Meschberger <fmesc...@gmail.com> wrote:
> Hi,
>
> Jukka Zitting wrote:
>> Hi,
>>
>> I was thinking about the implications of giving a user write access to
>> a subtree of the repository. With that access the user could now
>> upload a new script and create a node that invokes that script when
>> rendered.
>>
>> What if the script contains something like System.exit(1)? Or
>> something even more malicious?
>>
>> Do we have mechanisms for preventing attack scenarios like that?
>
> No, unless Java platform security (SecurityManager) is enabled, in which
> case the "exitVM" PlatformPermission would be required to call
> System.exit() and likewise for other actions.

System.exit() bears IMO no real risk, since it can be prevented by
Java security. Scripts that heavily consume resources and/or eat CPU
in endless loops are more dangerous and much harder to detect and
prevent.

regards, toby
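
The contrast drawn in this message, as an added example (not code from the thread or from Sling): a watchdog can detect a script that exceeds its time budget, but unlike System.exit() there is no permission check to deny a busy loop, and Thread.interrupt() only stops code that cooperates. The class name, the two stand-in "scripts" and the 100 ms budget are assumptions made for illustration.

```java
import java.util.concurrent.TimeUnit;

public class ScriptWatchdogDemo {

    // Constructed stand-ins for uploaded scripts (hypothetical, not Sling scripts).
    // COOPERATIVE polls the interrupt flag; SPIN never does.
    static final Runnable COOPERATIVE = () -> {
        while (!Thread.currentThread().isInterrupted()) { /* busy work */ }
    };
    static final Runnable SPIN = () -> {
        while (true) { /* busy work, interrupt flag never checked */ }
    };

    // Runs the script on its own thread and reports what happened once the budget is spent.
    static String runWithBudget(Runnable script, long budgetMs) throws InterruptedException {
        Thread worker = new Thread(script, "script-worker");
        worker.setDaemon(true);            // a stuck worker must not keep the JVM alive
        long start = System.nanoTime();
        worker.start();
        worker.join(budgetMs);             // detection: wait at most budgetMs
        if (!worker.isAlive()) {
            return "finished within budget";
        }
        long elapsedMs = TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - start);
        worker.interrupt();                // prevention attempt: advisory only
        worker.join(200);                  // grace period for the script to react
        // Thread.stop() is deprecated, so there is no safe way to force
        // a non-cooperating thread to end from inside the same JVM.
        return worker.isAlive()
                ? "over budget after " + elapsedMs + " ms, still running after interrupt"
                : "over budget after " + elapsedMs + " ms, stopped by interrupt";
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("cooperative: " + runWithBudget(COOPERATIVE, 100));
        System.out.println("spin:        " + runWithBudget(SPIN, 100));
    }
}
```

The spinning script keeps a core busy until the JVM exits, so containing it takes a boundary outside the thread, such as a separate process with OS-level CPU limits.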
