[External] : Re: JEP411: Missing use-case: Monitoring / restricting libraries
Ron Pressler
ron.pressler at oracle.com
Wed May 12 21:50:59 UTC 2021
P.S.
Sorry, I just realised I used the word “process” in 1 and 2 with different meanings. In 1 I meant an
OS process running Java; in 2 I merely meant a Java mechanism (as opposed to an OS mechanism).
> On 12 May 2021, at 22:49, Ron Pressler <ron.pressler at oracle.com> wrote:
>
>
>
>> On 12 May 2021, at 22:41, Peter Tribble <peter.tribble at gmail.com> wrote:
>>
>>
>> Let me give a concrete example:
>>
>> Parsing and rendering a PDF file that may contain references to fonts or other resources.
>> We know exactly where the files are installed, so wish to allow the rendering routine access
>> to the fonts it will need. But not to any other files, and not (normally) to network resources at
>> all. Note that we trust the code, but not necessarily the document it's parsing. (Although the
>> document itself may be perfectly well formed - document formats often allow embedding
>> references to 3rd-party objects, undesirable as that may be.)
>>
>
> Thank you. Let me ask you this, then:
>
> 1. Would allowing access to certain files and no network for the *entire* application be
> sufficient? Consider that you can run some code in a separate Java process with OS protections.
> If not, why not?
>
> 2. Would turning such access on and off for the entire application through some Java process
> be sufficient?
>
> 3. Would controlling such access on a per-thread basis be sufficient?
>
> Please don’t read 2 or 3 as some concrete proposals; I’m just trying to understand the requirements.
>
> — Ron
>
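As an added example (not code from this thread or from the JDK), here is how Peter's font-directory requirement, together with Ron's per-thread variant (option 3), could be expressed with the SecurityManager that JEP 411 deprecates for removal. The font directory and file names are placeholders, and on JDK 17 and later the JVM must be started with `-Djava.security.manager=allow` for `System.setSecurityManager` to succeed.

```java
import java.io.File;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Permission;

/**
 * Added example: a SecurityManager that lets a trusted renderer read fonts from one
 * directory and nothing else, with no network, and only on threads that opted in.
 */
public final class DocumentSandbox extends SecurityManager {
    // Per-thread switch: true only while renderRestricted() is running on this thread.
    private static final ThreadLocal<Boolean> RESTRICTED = ThreadLocal.withInitial(() -> false);
    private final Path fontDir;

    DocumentSandbox(Path fontDir) { this.fontDir = fontDir.toAbsolutePath().normalize(); }

    // The code itself is trusted: everything not covered by the two hooks below stays permitted.
    @Override public void checkPermission(Permission perm) { }
    @Override public void checkPermission(Permission perm, Object ctx) { }

    @Override public void checkRead(String file) {
        if (!RESTRICTED.get()) return;
        Path p = Paths.get(file).toAbsolutePath().normalize();   // normalize() defeats "../" escapes
        if (!p.startsWith(fontDir))
            throw new SecurityException("read outside font directory denied: " + p);
    }

    @Override public void checkConnect(String host, int port) {
        if (RESTRICTED.get())
            throw new SecurityException("network access denied while rendering: " + host + ":" + port);
    }
    @Override public void checkConnect(String host, int port, Object ctx) { checkConnect(host, port); }

    /** Runs the renderer with the restriction on for the calling thread only (Ron's option 3). */
    static void renderRestricted(Runnable render) {
        RESTRICTED.set(true);
        try { render.run(); } finally { RESTRICTED.remove(); }
    }

    public static void main(String[] args) {
        Path fonts = Paths.get(args.length > 0 ? args[0] : "/usr/share/fonts");      // placeholder path
        System.setSecurityManager(new DocumentSandbox(fonts));
        File font = new File(fonts.resolve("some-font.ttf").toString());             // placeholder name
        File other = new File(System.getProperty("user.home"), "private-document.txt"); // placeholder
        renderRestricted(() -> System.out.println("font probe: " + font.exists()));   // allowed
        try { renderRestricted(() -> other.exists()); }
        catch (SecurityException e) { System.out.println("blocked: " + e.getMessage()); } // denied
        System.out.println("outside render: " + other.exists());   // other threads and phases unaffected
    }
}
```

The check matches on a normalised path prefix, so a symlink inside the font directory that points elsewhere is still followed (Path.toRealPath would resolve it but can throw IOException); that gap is one reason OS-level isolation of a separate process (Ron's option 1) is the stronger boundary.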