[External] : Re: JEP411: Missing use-case: Monitoring / restricting libraries

Ron Pressler ron.pressler at oracle.com
Wed May 12 21:49:27 UTC 2021



> On 12 May 2021, at 22:41, Peter Tribble <peter.tribble at gmail.com> wrote:
> 
> 
> Let me give a concrete example:
> 
> Parsing and rendering a PDF file that may contain references to fonts or other resources.
> We know exactly where the files are installed, so wish to allow the rendering routine access
> to the fonts it will need. But not to any other files, and not (normally) to network resources at
> all. Note that we trust the code, but not necessarily the document it's parsing. (Although the
> document itself may be perfectly well formed - document formats often allow embedding
> references to 3rd-party objects, undesirable as that may be.)
> 

Thank you. Let me ask you this, then:

1. Would allowing access to certain files and no network for the *entire* application be
sufficient? Consider that you can run some code in a separate Java process with OS protections.
If not, why not?

2. Would turning such access on and off for the entire application through some Java process
be sufficient?

3. Would controlling such access on a per-thread basis be sufficient?

Please don’t read 2 or 3 as some concrete proposals; I’m just trying to understand the requirements.

— Ron
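As an added illustration (not code from this thread, from the JDK, or from the poster's project), here is roughly what the per-thread variant in question 3 looks like with the SecurityManager API that JEP 411 deprecates: a custom manager that lets one opted-in thread read only a font tree while refusing every other file and network access. The font directory, the probe path and the class and method names are assumptions.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.Callable;

// Hypothetical per-thread sandbox for a trusted renderer that parses untrusted documents.
public final class RendererSandbox extends SecurityManager {
    // Only threads that opt in via runRestricted() are checked; threads the renderer spawns do not inherit the flag.
    private static final ThreadLocal<Boolean> RESTRICTED = ThreadLocal.withInitial(() -> false);
    private final List<FilePermission> readable = new ArrayList<>();
    public RendererSandbox(File fontDir) {
        // The font tree the renderer legitimately needs (directory supplied by the caller).
        readable.add(new FilePermission(fontDir.getAbsolutePath() + File.separator + "-", "read"));
        // The JVM still loads the renderer's classes lazily, so the class path and JDK stay readable.
        for (String entry : System.getProperty("java.class.path").split(File.pathSeparator)) {
            File f = new File(entry).getAbsoluteFile();
            readable.add(new FilePermission(f.isDirectory() ? f + File.separator + "-" : f.getPath(), "read"));
        }
        readable.add(new FilePermission(System.getProperty("java.home") + File.separator + "-", "read"));
    }
    @Override
    public void checkPermission(Permission perm) {
        if (!RESTRICTED.get()) return;                 // unrestricted thread: no policy at all
        if (perm instanceof SocketPermission) throw new SecurityException("no network for renderer: " + perm);
        if (perm instanceof FilePermission) {
            for (FilePermission ok : readable) if (ok.implies(perm)) return;   // read inside an allowed tree
            throw new SecurityException("renderer may not access " + perm.getName());
        }
        // Everything else (properties, reflection, ...) is left to the trusted renderer code.
    }
    @Override public void checkPermission(Permission perm, Object context) { checkPermission(perm); }
    // Runs task on the calling thread with the file and network restrictions switched on.
    public static <T> T runRestricted(Callable<T> task) throws Exception {
        RESTRICTED.set(Boolean.TRUE);
        try { return task.call(); } finally { RESTRICTED.set(Boolean.FALSE); }
    }
    public static void main(String[] args) throws Exception {
        // JDK 18 and later need -Djava.security.manager=allow; JEP 411 deprecates this API for removal.
        System.setSecurityManager(new RendererSandbox(new File("/usr/share/fonts"))); // assumed font path
        String outcome = runRestricted(() -> {
            try { new FileInputStream("/etc/hostname").close(); return "read allowed"; }
            catch (SecurityException e) { return "blocked: " + e.getMessage(); }
        });
        System.out.println(outcome);   // prints "blocked: ..." since /etc/hostname is outside the font tree
    }
}
```

Because the switch is a plain ThreadLocal, any worker threads the renderer starts fall outside the restriction, a gap that the process-wide options in questions 1 and 2 do not have.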


