RFR (12): 8191053: Provide a mechanism to make system's security manager immutable
Will Sargent
will.sargent at gmail.com
Mon Sep 17 15:10:57 UTC 2018
I'm talking about sandboxing from the perspective of object capability
patterns, where you can contain some actor inside a constrained classloader
context and only allow execution through proxies that may be revoked. The
JEE model, in theory, allows you to run several web applications without
them stepping on each other's toes, although I don't know how well
implemented that is in practice.
BTW, Docker runs as root, so the virtual machine is where you get
additional security: https://github.com/wsargent/docker-cheat-sheet#security
On Mon, Sep 17, 2018 at 2:09 AM Alan Bateman <Alan.Bateman at oracle.com>
wrote:
> On 16/09/2018 20:37, Will Sargent wrote:
>
> > The security manager is legacy these days and I think we need to
> > figure out a plan how to deprecate and eventually bury it.
>
> I don't know of any research or papers that explicitly say that
> SecurityManager is "legacy". I did some research into this a while ago,
> and while SecurityManager has some major flaws, I don't know of any other
> way to sandbox a Java application.
>
> Have you looked into native containers? It's easy to find examples of
> applications running in a docker container for example.
>
> -Alan
>
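A minimal sketch of the revocable-proxy idea Will describes, added here as an illustration and not code from the thread or from the JDK: a hypothetical Caretaker wraps an interface behind a java.lang.reflect.Proxy that forwards calls to the real object until revoke() is called. The classloader isolation he also mentions is out of scope for this snippet; FileReader and Caretaker are names chosen for the example.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;

// Hypothetical capability interface: the only thing the sandboxed actor ever sees.
interface FileReader {
    String read(String name);
}

// Caretaker: holds the real target plus a revocation switch. Hand out proxy(); keep revoke().
final class Caretaker<T> {
    private volatile T target;   // becomes null once revoked
    private final T proxy;

    @SuppressWarnings("unchecked")
    Caretaker(Class<T> iface, T target) {
        this.target = target;
        InvocationHandler h = (p, method, args) -> {
            T t = this.target;
            if (t == null) {
                throw new IllegalStateException("capability revoked: " + method.getName());
            }
            try {
                return method.invoke(t, args);
            } catch (InvocationTargetException e) {
                throw e.getCause();   // surface the target's own exception, not the reflection wrapper
            }
        };
        this.proxy = (T) Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[] { iface }, h);
    }

    T proxy() { return proxy; }
    void revoke() { target = null; }   // every later call through the proxy now fails
}

public class RevocableProxyDemo {
    public static void main(String[] args) {
        FileReader real = name -> "contents of " + name;     // stand-in for a privileged resource
        Caretaker<FileReader> ct = new Caretaker<>(FileReader.class, real);
        FileReader handed = ct.proxy();                        // this is all the actor receives
        System.out.println(handed.read("config.txt"));        // works while the capability lives
        ct.revoke();
        try {
            handed.read("config.txt");
        } catch (IllegalStateException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

Because the actor only ever holds the proxy, the caretaker can cut off access at any time without the actor being able to reach the underlying object.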