JEP411: Missing use-case: Monitoring / restricting libraries

Lim lim.chainz11+mailing at gmail.com
Wed Apr 21 05:26:28 UTC 2021


Hi all, apologize if I interrupted this thread.

I agreed on what Reinier has said and I have similar concerns about
the removal of SecurityManager.

I have developed a "Mod" for a certain game to monitor which "Mods"
are using network connections. The mod is a kind of library since
other libraries can use them to extend the library functionality such
as add-on. In this context, library refers to Mod, a modification that
can provide extra features to the base game. These libraries are
usually obtained from reputable websites by the end user. However, not
all libraries can be obtained in these websites, some which are hosted
by the author themselves that are readily compiled.

Most of the library in this game does not require network connections
to work except, for legitimate reasons such as version checker,
downloading required resources, but some requested network connections
anyway without reasons. This gives the concern, are the network calls
justified for a game that can be played offline?

Besides that, Reinier gives good point of why the ability to
deny/allow network is important and I would like to give an example
when I am developing the library:

On 2021-04-16 09:29, Reinier Zwitserloot wrote:
> * Any library could have the bright idea to 'phone home' and make a
> network call simply to give the library author some idea of how
> widespread their library is used. This could have an entirely innocuous
> purpose: The library author thought it'd be a cool idea to have a live
> map of the planet on their website, with a little animated blip every
> time their library is used to, say, parse some JSON. SecurityManager is
> the simplest way to spot this and stop it.

Although most of the recent libraries do not have analytics that I've
seen, I have seen one older version of the library that has analytics
enabled without any way to disable except performing bytecode
modifications. This has implications to the users' privacy since they
do not anticipate it has analytics within them and libraries that have
analytics are frowned upon in the mod community. This also violates
some of the privacy laws in some countries.

The security manager is the only viable way to control these libraries
from "phone home" in my opinion. Since the end user "install" these
libraries by putting into a specific folder for the loader to launch
the game with these modifications. They are not expected to change
their system just to know if a particular library has these
"features". For example, using firewall/hosts file/DNS/other
monitoring tools. It might help but it does not provide insight into
which class/package which Reinier has said and that's where the
SecurityManager can help.

By using the "checkConnect" methods in SecurityManager, I can
allow/deny and notify appropriate messages in the log for the end user
to check. In addition, there is a configuration that allows the end
user to configure which hosts are allowed for the network connections.

I hope that the core SecurityManager functionality will be preserved.
Will there be an alternative that is able to provide similar
functionality through programmatic means for my use case? I have read
the comments about using JFR stream/bytecode instrumentation but it
required the usage of Java Agent and command line flags which is not
acceptable in this use case.

Thanks


More information about the security-dev mailing list