RFD: Services lockdown for security providers

Peter Firmstone peter.firmstone at zeus.net.au
Wed May 24 23:05:36 UTC 2023


Or this, which is an example of limiting a codebase by it's SHA-384 
signature:

https://github.com/pfirmstone/JGDMS/blob/14608ea34eb7c109d41e296a62669522862f6a49/qa/harness/policy/defaultsecuretest.policy#L2241

-- 
Regards,
  
Peter Firmstone
0498 286 363
Zeus Project Services Pty Ltd.

On 25/05/2023 8:48 am, Peter Firmstone wrote:
> These are examples of how we currently lock down the JVM, to limit 
> providers, policy files are generated using a tool, it may do as an 
> interim control measure, until something else is provided, it is of 
> course a deprecated feature, subject to future removal, but it may do 
> the job temporarily, without introducing code dependencies.
>
> https://github.com/pfirmstone/JGDMS/blob/14608ea34eb7c109d41e296a62669522862f6a49/qa/harness/policy/defaultsecuretest.policy#LL194C27-L194C27 
>
>
> https://github.com/pfirmstone/JGDMS/blob/14608ea34eb7c109d41e296a62669522862f6a49/qa/harness/policy/defaultsecuretest.policy#L621 
>
>
> https://github.com/pfirmstone/JGDMS/blob/14608ea34eb7c109d41e296a62669522862f6a49/qa/harness/policy/defaultsecuretest.policy#L644 
>
>
> https://github.com/pfirmstone/JGDMS/blob/14608ea34eb7c109d41e296a62669522862f6a49/qa/harness/policy/defaultsecuretest.policy#L688 
>
>


More information about the security-dev mailing list