Platform module security

Sean Mullan sean.mullan at oracle.com
Tue Dec 6 08:01:09 PST 2011


How do we know if a module is part of the JRE platform and can be trusted
exclusively?

The current code in org.openjdk.jigsaw.Platform uses a fragile mechanism:

    public static boolean isPlatformModuleName(String mn) {
        return (mn.equals("jdk") || mn.startsWith("jdk.") ||
            mn.startsWith("sun."));
    }

    // ## We really must do something more secure and robust here!
    static boolean isPlatformContext(BaseContext cx) {
        for (ModuleId mid : cx.modules()) {
            if (!isPlatformModuleName(mid.name()))
                return false;
        }
        return true;
    }

I can think of two potential solutions:

1) Nothing other than JRE platform modules can be installed/stored in the system
library. How this is enforced is a separate question.

2) All platform modules are signed with a special certificate that we can identify.

Any other thoughts?

Thanks,
Sean
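
An added illustration, not part of the original message or of the Jigsaw code base: the name test quoted above accepts any module whose name carries a platform prefix, while a check along the lines of option 2 decides from the certificates that signed the code. The class name, the pinned-fingerprint set and the sample module names are assumptions made for this example.

```java
import java.security.CodeSource;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.Set;

public class PlatformTrustSketch {
    // Assumption: the platform signing certificate is pinned by SHA-256 (placeholder value).
    static final Set<String> PLATFORM_CERT_SHA256 = Set.of("<sha256-of-platform-signing-cert>");

    // Name test as quoted in the message: trust follows from the string alone.
    static boolean isPlatformModuleName(String mn) {
        return mn.equals("jdk") || mn.startsWith("jdk.") || mn.startsWith("sun.");
    }

    // Option 2 sketch: trust follows from who signed the code, not from what it is called.
    // Any certificate in the returned chains may match, so pin the signing cert itself.
    static boolean isSignedByPlatform(Certificate[] signers, Set<String> pinned)
            throws CertificateEncodingException, NoSuchAlgorithmException {
        if (signers == null || signers.length == 0) return false; // unsigned: never platform
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        for (Certificate c : signers) {
            StringBuilder hex = new StringBuilder();
            for (byte b : sha256.digest(c.getEncoded())) hex.append(String.format("%02x", b));
            if (pinned.contains(hex.toString())) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed module names; none of them refers to a real module.
        String[] names = {"jdk", "jdk.thirdparty.lookalike", "sun.lookalike", "org.example.app"};
        for (String mn : names)
            System.out.println(mn + " -> name check: " + isPlatformModuleName(mn));

        // A locally compiled class is unsigned, so the signer check rejects it
        // whatever module name it might claim.
        CodeSource cs = PlatformTrustSketch.class.getProtectionDomain().getCodeSource();
        Certificate[] signers = (cs == null) ? null : cs.getCertificates();
        System.out.println("signer check: " + isSignedByPlatform(signers, PLATFORM_CERT_SHA256));
    }
}
```

The first three names pass the name check although only the prefix was inspected; the signer check returns false for the unsigned class.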
