
Java Magic. Part 5: SecurityManager

qiujiayu
Published 2016/07/25 19:10

Shedding a bit of light on SecurityManager and its use cases.

Intro

You can do terrible things in Java using the sun.misc.Unsafe class. Some really creepy examples were discussed in Java Magic. Part 4: sun.misc.Unsafe.

SecurityManager is a guard that can help prevent sensitive actions (I/O, networking, reflection, thread and thread-group access, etc.). Library code that is about to perform such an action asks the installed manager first:

SecurityManager manager = System.getSecurityManager();
if (manager != null) {
    // one of the check* methods: checkRead, checkWrite, checkConnect, checkExit, ...
    manager.checkRead(path);
}

If the action is not allowed, the check throws a SecurityException.

Use Case

Now it's time to write some code.

Assume we are building an online grader: a system that accepts some Java code, runs it, collects the results and verifies that they are correct. Such graders are useful for computer science courses on MOOC platforms like Coursera, Udacity, etc.

Obviously, running untrusted code is unsafe, so we need to make sure a submitter cannot break or compromise the whole grader system. For example, a submitter could read passwords and modify their grading entry in the database. Or, even worse, fill up the whole file system or RAM, or consume all threads and prevent grading for other submitters.

SecurityManager solves the access-control part of these issues (the resource-exhaustion part is covered further down).
Extend it and override the needed checks, specifying what is allowed and what is not:

import java.io.FileDescriptor;

class MySecurityManager extends SecurityManager {
    // Files opened by path (new FileInputStream("x")) go through the String
    // overloads; the FileDescriptor overloads only cover already-open descriptors,
    // so both must be overridden to actually block file access.
    @Override
    public void checkRead(String file) {
        throw new SecurityException("File reading is not allowed");
    }

    @Override
    public void checkRead(FileDescriptor fd) {
        throw new SecurityException("File reading is not allowed");
    }

    @Override
    public void checkWrite(String file) {
        throw new SecurityException("File writing is not allowed");
    }

    @Override
    public void checkWrite(FileDescriptor fd) {
        throw new SecurityException("File writing is not allowed");
    }

    @Override
    public void checkConnect(String host, int port) {
        throw new SecurityException("Socket connections are not allowed");
    }
}

You can install such a security manager at runtime using:

System.setSecurityManager(new MySecurityManager());

Note: System.setSecurityManager is itself checked by the installed manager (it asks for RuntimePermission("setSecurityManager")), so once your manager is in place, submission code cannot replace or remove it unless the manager allows that. Also note that the mechanism is deprecated for removal since JDK 17 (JEP 411), that from JDK 18 the call throws UnsupportedOperationException unless the JVM was started with -Djava.security.manager=allow, and that JDK 24 (JEP 486) disables it permanently; on those releases only the process-level isolation discussed below remains.

If a restricted action is attempted, a SecurityException is thrown from inside the check and propagates up through the submission's code.

Inspect the methods of SecurityManager that start with the check prefix: checkRead, checkWrite, checkConnect, checkListen, checkExec, checkExit, checkPackageAccess, checkPermission and so on. There are plenty of checks the JVM runs on behalf of library code before your code gets to do something sensitive. In the JDK almost all of them delegate to checkPermission(Permission) with a specific Permission object, so overriding checkPermission gives you a single chokepoint, whereas overriding an individual check* method, as above, bypasses the Permission and Policy machinery for that action. Keep in mind that the manager applies to every class in the JVM: the unconditional throws above also reject the grader's own file access and the JVM's own reads (for example lazily opening a jar on the class path to load a class), so a real manager has to tell the submission's code apart from everything else, typically by its class loader or its position on the call stack.

So although a security manager is a useful tool for configuring access to subsystems and preventing untrusted code from doing terrible things, some actions are not controlled by it at all.

Memory Allocation

(Un)fortunately, memory allocation is not controlled by the programmer, and likewise a SecurityManager can't restrict object creation. If you need to verify that untrusted code stays within a memory budget, execute it in a separate JVM and give that JVM a maximum heap size, e.g. java -Xmx128m. If the budget is exceeded, an OutOfMemoryError occurs, but as long as this happened in the other JVM, it won't affect the grader.

For more accurate memory accounting you need to attach an instrumentation agent (java.lang.instrument) to the Java process.

Threads

SecurityManager has no built-in cap on the number of threads a Java process spawns. The closest hook is checkAccess(ThreadGroup), which Thread's constructor calls for every new thread, so a custom manager can at least count creations. If only an ExecutorService is responsible for thread creation, introduce the limit by using Executors.newFixedThreadPool(limit) inside the code and make that a convention.

Otherwise you need to write a custom agent that tracks the number of active threads. Such functionality is available in some proprietary Java agents.
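Putting the grader use case above together with the thread question in this section, here is an added example (my code, not the original post's) of a sandbox that keeps the stock check* methods instead of overriding each one: submission classes are loaded through their own class loader, a custom java.security.Policy grants those classes no permissions, and a SecurityManager subclass adds a thread cap in checkAccess(ThreadGroup). The submissions/42 directory, the Solution class implementing Callable and the limit of 4 threads are assumptions about the grader's layout.

```java
import java.io.File;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.concurrent.Callable;
import java.util.concurrent.atomic.AtomicInteger;

// Added example, not from the original post. Sandboxes a submission by
// (1) loading it through its own class loader, (2) installing a Policy that
// grants nothing to classes from that loader, and (3) capping the threads a
// submission may start. "submissions/42" and "Solution" are assumptions.
public final class GraderSandbox {

    /** Grants everything to the grader's own classes and nothing to submission classes. */
    static Policy graderPolicy(final ClassLoader submissionLoader) {
        return new Policy() {
            @Override
            public boolean implies(ProtectionDomain domain, Permission permission) {
                return domain.getClassLoader() != submissionLoader;
            }
        };
    }

    /** Keeps the default check* methods and adds a cap on threads created by submission code. */
    static final class GraderSecurityManager extends SecurityManager {
        private final ClassLoader submissionLoader;
        private final int maxThreads;
        private final AtomicInteger started = new AtomicInteger();

        GraderSecurityManager(ClassLoader submissionLoader, int maxThreads) {
            this.submissionLoader = submissionLoader;
            this.maxThreads = maxThreads;
        }

        /** True if any frame on the current call stack belongs to a submission class. */
        private boolean submissionOnStack() {
            for (Class<?> c : getClassContext()) {
                if (c.getClassLoader() == submissionLoader) {
                    return true;
                }
            }
            return false;
        }

        // Thread's constructor calls checkAccess(ThreadGroup) for every new thread.
        // The default implementation only guards the root group, so count here.
        // This counts creations, not live threads; reset it per submission.
        @Override
        public void checkAccess(ThreadGroup g) {
            super.checkAccess(g);
            if (submissionOnStack() && started.incrementAndGet() > maxThreads) {
                throw new SecurityException("submission exceeded thread limit of " + maxThreads);
            }
        }
        // checkRead, checkWrite, checkConnect, checkExit, ... are not overridden:
        // each builds a Permission and asks AccessController, which consults the
        // Policy above for every class on the stack. A submission frame anywhere
        // on the stack, even below grader code it called, makes the check fail.
    }

    /** Loads and runs one submission under the sandbox; returns whatever its call() returns. */
    public static Object runSubmission(File submissionDir, String className, int maxThreads)
            throws Exception {
        URL[] urls = { submissionDir.toURI().toURL() };
        ClassLoader submissionLoader = new URLClassLoader(urls, GraderSandbox.class.getClassLoader());

        // Order matters: with a manager already installed, setPolicy itself would
        // require SecurityPermission("setPolicy").
        Policy.setPolicy(graderPolicy(submissionLoader));
        System.setSecurityManager(new GraderSecurityManager(submissionLoader, maxThreads));

        Callable<?> solution = Class.forName(className, true, submissionLoader)
                .asSubclass(Callable.class)
                .getDeclaredConstructor()
                .newInstance();
        // Any file, socket, reflection or System.exit attempt inside call() now
        // throws AccessControlException (a SecurityException); one thread too
        // many throws the SecurityException from checkAccess above.
        return solution.call();
    }

    public static void main(String[] args) throws Exception {
        Object result = runSubmission(new File("submissions/42"), "Solution", 4);
        System.out.println("submission returned: " + result);
    }
}
```

Because the checks go through AccessController, the submission is denied whether it performs the I/O itself or calls a grader helper that does, while the grader's own code outside the submission call keeps all permissions. Loading the submission's classes still works because URLClassLoader does its file reads inside AccessController.doPrivileged. This is in-process isolation only; memory and wall-clock time are handled by running the submission in a separate JVM, as described under Memory Allocation and Timeouts.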

Timeouts

To make sure the program finishes within a specific time period, use an external tool to impose a timeout on it. On Linux that is the timeout command from the coreutils project; see the related discussion on Stack Overflow.
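The separate-JVM approach from Memory Allocation and the external timeout from this section fit naturally into one launcher. The following is an added example (my code, not the original post's): the grader starts one child JVM per submission with a heap cap and kills it from outside when the wall-clock budget is exhausted. The main class SubmissionRunner, assumed to install the security manager and call the submission, and the submissions/42 directory are assumptions.

```java
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;

// Added example, not from the original post: run one submission in a separate
// JVM with a heap cap and a wall-clock timeout, so an OutOfMemoryError or an
// endless loop kills only that JVM. "SubmissionRunner" (the assumed main class
// that installs the SecurityManager and calls the submission) and the directory
// layout are assumptions about the grader.
public final class IsolatedRun {

    public enum Verdict { OK, TIMEOUT, FAILED }

    public static final class Outcome {
        public final Verdict verdict;
        public final int exitCode;      // -1 when the process was killed on timeout
        public final String outputTail;

        Outcome(Verdict verdict, int exitCode, String outputTail) {
            this.verdict = verdict;
            this.exitCode = exitCode;
            this.outputTail = outputTail;
        }
    }

    public static Outcome run(File submissionDir, int heapMegabytes, long timeoutSeconds)
            throws IOException, InterruptedException {
        // Use the same JDK the grader itself runs on.
        String javaBin = System.getProperty("java.home") + File.separator + "bin" + File.separator + "java";

        List<String> cmd = new ArrayList<>();
        cmd.add(javaBin);
        cmd.add("-Xmx" + heapMegabytes + "m");        // heap budget for the submission
        cmd.add("-Xss512k");                           // smaller stacks: cheaper runaway recursion
        cmd.add("-XX:+ExitOnOutOfMemoryError");        // die at once instead of thrashing on OOM
        cmd.add("-cp");
        cmd.add(submissionDir.getPath() + File.pathSeparator + System.getProperty("java.class.path"));
        cmd.add("SubmissionRunner");                   // assumed main class

        File log = File.createTempFile("submission-", ".log");
        Process p = new ProcessBuilder(cmd)
                .redirectErrorStream(true)              // stderr and stdout both go to the log file
                .redirectOutput(log)
                .start();

        // The timeout lives outside the submission's JVM, where it cannot be disabled.
        boolean finished = p.waitFor(timeoutSeconds, TimeUnit.SECONDS);
        if (!finished) {
            p.destroyForcibly().waitFor();              // SIGKILL on Linux, then reap
            return new Outcome(Verdict.TIMEOUT, -1, tail(log));
        }
        int code = p.exitValue();
        return new Outcome(code == 0 ? Verdict.OK : Verdict.FAILED, code, tail(log));
    }

    /** Last 4 KiB of the captured output, so only a bounded amount is read into the grader's memory. */
    private static String tail(File log) throws IOException {
        byte[] all = Files.readAllBytes(log.toPath());
        int from = Math.max(0, all.length - 4096);
        return new String(all, from, all.length - from, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        Outcome o = run(new File("submissions/42"), 128, 10);
        System.out.println(o.verdict + " (exit " + o.exitCode + ")");
        System.out.println(o.outputTail);
    }
}
```

The child JVM is also the right place for operating-system limits that a SecurityManager cannot express, such as a cgroup pids limit or ulimit -u for a dedicated grading user to bound thread creation, or wrapping the command in coreutils timeout instead of the in-process waitFor.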

Libraries

You can prevent use of a whole package via SecurityManager.checkPackageAccess, which the JVM calls when a class resolves a reference into that package. In the same way you can prevent use of some external libraries, or of all products of one organisation, by their package prefix. But if you want to prevent use of one specific method, like java.lang.Math.min(), you will probably need to scan the submitted Java source file and detect such a call yourself.

Reposted from: http://mishadoff.com/blog/java-magic-part-5-securitymanager/
