Platform module security
Sean Mullan
sean.mullan at oracle.com
Tue Dec 6 08:01:09 PST 2011
How do we know if a module is part of the JRE platform and can be trusted
exclusively?
The current code in org.openjdk.jigsaw.Platform uses a fragile mechanism:
    public static boolean isPlatformModuleName(String mn) {
        return (mn.equals("jdk") || mn.startsWith("jdk.") ||
                mn.startsWith("sun."));
    }

    // ## We really must do something more secure and robust here!
    static boolean isPlatformContext(BaseContext cx) {
        for (ModuleId mid : cx.modules()) {
            if (!isPlatformModuleName(mid.name()))
                return false;
        }
        return true;
    }
I can think of two potential solutions:
1) Nothing other than JRE platform modules can be installed/stored in the system
library. How this is enforced is a separate question.
2) All platform modules are signed with a special certificate that we can identify.
Any other thoughts?
Thanks,
Sean
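
Added example, not part of the original message and not Jigsaw code: a sketch contrasting the name-prefix check quoted above with option 2, where a module counts as platform only if its signature verifies under a pinned platform key. The Module record, sign() and isPlatformBySignature() are hypothetical, the keys, module names and contents are constructed, and records require Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class PlatformTrustDemo {
    // Hypothetical stand-in for an installed module: name, content, detached signature.
    record Module(String name, byte[] content, byte[] signature) {}

    // The name-based check quoted in the post: anyone can choose a matching name.
    static boolean isPlatformModuleName(String mn) {
        return mn.equals("jdk") || mn.startsWith("jdk.") || mn.startsWith("sun.");
    }

    // Feed name and content into the signature so neither can be swapped afterwards.
    static void feed(Signature s, String name, byte[] content) throws SignatureException {
        s.update(name.getBytes(StandardCharsets.UTF_8));
        s.update((byte) 0); // separator between name and content
        s.update(content);
    }

    // Hypothetical signing step performed when the platform modules are built.
    static Module sign(String name, byte[] content, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        feed(s, name, content);
        return new Module(name, content, s.sign());
    }

    // Option 2: trust depends on who signed the module, not on what it is called.
    static boolean isPlatformBySignature(Module m, PublicKey platformKey) throws GeneralSecurityException {
        if (m.signature() == null) return false; // unsigned modules are never platform
        Signature v = Signature.getInstance("SHA256withECDSA");
        v.initVerify(platformKey);
        feed(v, m.name(), m.content());
        try {
            return v.verify(m.signature());
        } catch (SignatureException e) {
            return false; // malformed signature bytes
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
        g.initialize(256);
        KeyPair platform = g.generateKeyPair(), other = g.generateKeyPair(); // constructed keys
        byte[] body = "module bytes".getBytes(StandardCharsets.UTF_8);       // constructed content
        Module[] mods = { sign("jdk.base", body, platform.getPrivate()),
                          sign("jdk.helper", body, other.getPrivate()) };
        for (Module m : mods)
            System.out.println(m.name() + " name-check=" + isPlatformModuleName(m.name())
                    + " signature-check=" + isPlatformBySignature(m, platform.getPublic()));
    }
}
```

Both constructed modules pass the name check; only the one signed with the platform key passes the signature check.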