[security-dev 00066]: Javasss (Safe secure sandbox) for jdk 6 and openjdk 7

Sean Godsell sgodsell at hotmail.com
Tue Feb 12 13:50:59 PST 2008


 Hello once again openjdk people,

Previously Javass required openjdk 7.  Now it supports jdk 6 update 3.  The following is a list of enhancements:
     - Overwrite and lock users file paths to a specific base path (like chroot in unix)
     - All temporary files can automatically be created in the base path without any program change to existing applications
     - You can limit the amount of storage being used in a path or file 
     - You can limit the # of file and directories being created in path
     - You can make any path read only or read/write
     - You can allow or deny whether libraries can be loaded from a path.
     - You can allow or deny whether native methods can be used from a path.
     - You can have multiple paths to allow users to read or write to with different
        limiting storage and or # or files and directories.
     - You can limit the number of threads and thread priority.
     - You can limit the maximum # of windows being created.
     - You can allow or deny hosts and ports being used.
     - You can allow or deny execution of runtime process.
     - You can limit the amount of socket traffic throughput in bytes per second
     - All items can be controlled in a simple properties file
     - Allow threads to have different paths, and/or lock every new thread with certain paths
     - Allow users to configure thread paths using a key.
     - Existing programs and applications can run without any changes or modifications.

A security manager cannot even do half the items previously listed.  There is complete source code and examples are at the following site:
 
    http://javasss.sourceforge.net/
 
Sean Godsell
 

_________________________________________________________________




More information about the security-dev mailing list