JEP411: Missing use-case: Security Manager and Java Scripting (JSR 223)

Alexey Shponarsky alexey.shponarsky at jelastic.com
Wed Jul 21 16:35:12 UTC 2021


Hello,

At Jelastic PaaS, we are using SecurityManager within Java Scripting (JSR
223). Specifically, Java Scripting allows us and our customers to easily
extend the core platform functionality with custom logic. The developers
can execute their custom scriptlets inside a Java Scripting runtime
environment with pre-injected core platform API methods. For example,

    //@req(pathFrom, pathTo)
    var mountFrom = "${nodes.build.first.id}",
        envName = "${settings.targetEnv}",
        mountTo = "cp";

    var resp = jelastic.env.file.RemoveMountPointByGroup(envName, session, mountTo, pathTo);
    if (resp.result != 0) return resp;

    return jelastic.env.file.AddMountPointByGroup(envName, session, mountTo, pathTo, 'nfs', null, pathFrom, mountFrom, '', false);

As the Java Scripting engine / technology provides quite powerful runtimes, we
have to restrict certain actions such as execution of any reflection
methods, change of any system environment variables, exit, calling some
dangerous static methods, reading files outside of the sandbox folder, etc.
The SecurityManager mechanism provided the ability to configure permissions
easily.

To achieve this, we create an instance of AccessControlContext with the required
permissions and pass it to the AccessController.doPrivileged
<https://docs.oracle.com/javase/8/docs/api/java/security/AccessController.html#doPrivileged-java.security.PrivilegedAction-java.security.AccessControlContext->
method:

    import java.net.SocketPermission;
    import java.security.AccessControlContext;
    import java.security.AccessController;
    import java.security.CodeSource;
    import java.security.Permissions;
    import java.security.PrivilegedAction;
    import java.security.ProtectionDomain;
    import java.security.cert.Certificate;
    import java.util.PropertyPermission;
    import javax.script.CompiledScript;
    import javax.script.ScriptContext;

    // Create the set of permissions granted to the script. ProtectionDomain takes a
    // PermissionCollection, so java.security.Permissions is used here; a
    // java.util.Collection<Permission> would not compile against that constructor.
    Permissions perms = new Permissions();
    perms.add(new RuntimePermission("createClassLoader"));
    perms.add(new RuntimePermission("getClassLoader"));
    perms.add(new RuntimePermission("accessDeclaredMembers"));
    perms.add(new RuntimePermission("getProtectionDomain"));
    perms.add(new PropertyPermission("*", "read"));
    perms.add(new SocketPermission("*", "connect,accept,resolve"));
    perms.add(new SocketPermission("localhost:0-", "connect,accept,resolve,listen"));

    // Create the AccessControlContext: a single ProtectionDomain with no code source and
    // exactly the static permissions above (this constructor does not consult the Policy).
    // Permission checks inside doPrivileged must pass this domain as well as the domains
    // of the frames between the check and doPrivileged; checks are never widened by it.
    ProtectionDomain domain = new ProtectionDomain(new CodeSource(null, (Certificate[]) null), perms);
    AccessControlContext acc = new AccessControlContext(new ProtectionDomain[]{domain});

    // Run the untrusted script under the created AccessControlContext. This is the
    // call() of a Callable<ScriptEvalResponse>; compiledScript (CompiledScript),
    // ctx (ScriptContext), logger and ScriptEvalResponse/Response belong to the
    // surrounding class.
    @Override
    public ScriptEvalResponse call() throws Exception {
        Object obj = AccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                try {
                    Object response = compiledScript.eval(ctx);
                    ScriptEvalResponse evalResponse = new ScriptEvalResponse(Response.OK);
                    evalResponse.setResponse(response);
                    return evalResponse;
                } catch (Exception ex) {
                    // PrivilegedAction.run() cannot throw checked exceptions, so the
                    // exception is returned and rethrown by call() below.
                    logger.debug("Error occurred during eval script:", ex);
                    return ex;
                }
            }
        }, acc);
        if (obj instanceof Exception) {
            throw (Exception) obj;
        }
        return (ScriptEvalResponse) obj;
    }

How can we implement a similar solution after the removal of
SecurityManager? Could you help us to find an alternative?


-- 

Alexey Shponarsky Director of R&D
Twitter <https://twitter.com/Jelastic>  Facebook
<https://www.facebook.com/Jelastic/>  YouTube
<http://www.youtube.com/user/JelasticCloud>  LinkedIn
<https://www.linkedin.com/company/2426564/> Google+
<https://plus.google.com/+JelasticInc>
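
Added example, not part of the message above and not Jelastic code: a self-contained Java program showing the AccessControlContext technique the message relies on, end to end, including the two prerequisites the message takes for granted. The class name AccSandboxDemo, the all-granting host Policy and the three sample actions are assumptions for the demo; because no JSR 223 engine ships with the JDK since Nashorn was removed in JDK 15, the untrusted work is a plain PrivilegedExceptionAction standing in for compiledScript.eval(ctx). Run it with -Djava.security.manager=allow on JDK 17 and later (JDK 17 only warns without it; JDK 18 and later throw UnsupportedOperationException). With no SecurityManager installed, or once it is removed, nothing is checked and the restricted context constrains nothing, which is the gap the message is asking about.

```java
import java.io.File;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.PropertyPermission;

// Hypothetical demo class (assumed name, not Jelastic's code).
public class AccSandboxDemo {

    // Host policy: grant everything to all code so that the sandbox is
    // enforced solely by the restricted AccessControlContext handed to
    // doPrivileged. Must run before the SecurityManager is installed, since
    // Policy.setPolicy is itself a checked operation afterwards.
    static void installSecurityManager() {
        Policy.setPolicy(new Policy() {
            @Override
            public boolean implies(ProtectionDomain domain, Permission permission) {
                return true;
            }
        });
        // JDK 17 prints a deprecation warning here; JDK 18+ throws
        // UnsupportedOperationException unless started with
        // -Djava.security.manager=allow. Without an installed SecurityManager
        // no permission is ever checked and the context below restricts nothing.
        System.setSecurityManager(new SecurityManager());
    }

    // Same shape as the context in the message: one code-source-less domain
    // holding only the permissions the script may use. This constructor stores
    // the permissions statically, so the permissive Policy above does not widen
    // it. FilePermission and RuntimePermission("exitVM.*") are deliberately absent.
    static AccessControlContext restrictedContext() {
        Permissions perms = new Permissions();
        perms.add(new PropertyPermission("*", "read"));
        ProtectionDomain domain = new ProtectionDomain(
                new CodeSource(null, (Certificate[]) null), perms);
        return new AccessControlContext(new ProtectionDomain[]{domain});
    }

    // Stand-in for compiledScript.eval(ctx): runs untrusted work under the
    // restricted context. Checked exceptions come back wrapped in
    // PrivilegedActionException and are unwrapped; AccessControlException is
    // unchecked and propagates as-is.
    static <T> T runSandboxed(PrivilegedExceptionAction<T> untrusted,
                              AccessControlContext acc) throws Exception {
        try {
            return AccessController.doPrivileged(untrusted, acc);
        } catch (PrivilegedActionException e) {
            throw e.getException();
        }
    }

    public static void main(String[] args) throws Exception {
        installSecurityManager();
        AccessControlContext acc = restrictedContext();

        // Allowed: PropertyPermission("*", "read") is in the restricted domain.
        String dir = runSandboxed(() -> System.getProperty("user.dir"), acc);
        System.out.println("user.dir = " + dir);

        // Denied: the host policy grants FilePermission, but the restricted
        // domain in the context does not, and the check must pass both.
        try {
            runSandboxed(() -> new File("/etc").list(), acc);
            System.out.println("UNEXPECTED: directory listing allowed");
        } catch (AccessControlException e) {
            System.out.println("denied: " + e.getPermission());
        }

        // Denied: System.exit(0) requires RuntimePermission("exitVM.0").
        try {
            runSandboxed(() -> { System.exit(0); return null; }, acc);
            System.out.println("UNEXPECTED: exit allowed");
        } catch (AccessControlException e) {
            System.out.println("denied: " + e.getPermission());
        }
    }
}
```

The two denials are the whole point of the pattern: the domain in the context never adds permissions, it only removes them, so host code with broad rights can delegate to a script with narrow ones without changing the Policy or the class loader. The weak spot is equally visible: every one of those checks is routed through the installed SecurityManager, so an application that cannot install one has no enforcement left.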