Java Security implemented
Submitted by epr on Sun, 03/14/2004 - 09:59.
Java Security has been implemented and enabled in the CVS HEAD branch. Click here for the documentation.
If you find any AccessControlExceptions that are not supposed to happen, think about whether you really need these permissions and, if so, see the documentation mentioned above for information on how to give permissions to your plugin.
Additional permission checks will be added soon to protect the internals of JNode and the driver architecture. E.g. access to devices will be guarded soon, to ensure that only the appropriate layer has access to them.
Be careful with giving permissions, because too many permissions undermine the whole concept of security!
Problem with 2 way calls: programlibrary ?
My program has these rights:
class="java.util.PropertyPermission" name="user.home" actions="read" (implied by use of JUnit)
class="java.io.FilePermission" name="/junit.properties" actions="read" (implied by use of JUnit)
class="java.io.FilePermission" name="/jnode/*" actions="read,write"
The library (JUnit) has these rights:
class="java.util.PropertyPermission" name="user.home" actions="read"
class="java.io.FilePermission" name="/junit.properties" actions="read"
The problem is: the class TestCase (from JUnit) does an invoke on a class (of my program) that inherits from TestCase.
So, JUnit also needs the permission:
class="java.io.FilePermission" name="/jnode/*" actions="read,write"
Conclusion: this kind of library can't have fewer rights than its user.
If there are many different users, the library needs to have the sum of all the rights of its users!
I think it's a problem. What is the solution?
Create a privileged action
In your test method create a privileged action and run it via
AccessController.doPrivileged(..)
Ewout
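The suggestion above, written out as an added example (not code from this thread or from JNode). The class name and file name are hypothetical, and it assumes a JUnit 3-style `TestCase` whose plugin holds `FilePermission "/jnode/*" "read,write"` while JUnit's plugin does not.

```java
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import junit.framework.TestCase;

// Hypothetical test class, loaded from the plugin that was granted
// FilePermission "/jnode/*" "read,write".
public class JNodeFileTest extends TestCase {

    // Constructed sample path; fixed here, never taken from a caller.
    private static final File TARGET = new File("/jnode/dopriv-test.txt");

    public void testWriteUnderJNode() throws IOException {
        long length;
        try {
            // JUnit invokes this method, so JUnit's frames are on the stack
            // and a normal permission check would include its protection
            // domain. doPrivileged stops the stack walk at this frame:
            // only this class's domain (and the code run() calls) is checked.
            length = AccessController.doPrivileged(
                new PrivilegedExceptionAction<Long>() {
                    public Long run() throws IOException {
                        FileWriter w = new FileWriter(TARGET);
                        try {
                            w.write("hello");
                        } finally {
                            w.close();
                        }
                        return Long.valueOf(TARGET.length());
                    }
                }).longValue();
        } catch (PrivilegedActionException e) {
            // Checked exceptions thrown by run() arrive wrapped; unwrap them.
            throw (IOException) e.getException();
        }
        assertEquals(5L, length);
    }
}
```

Keep the privileged block as small as the operation that needs the permission, and do not let values supplied by less-trusted callers choose what it touches, since those callers are no longer checked.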
FilePermission: implicit access to subdirectories ?
I have found by running JUnit, that it can't read its own property file.
Here is the exception I had:
java.io.FilePermission: /junit.properties read not granted due to junit.runner.BaseTestRunner
Here is what the SUN spec says about FilePermission:
And finally, note that code always automatically has permission to read files from its same (URL) location, and subdirectories of that location; it does not need explicit permission to do so.
So, I had to give EXPLICIT permission.
Probably a bug
This is probably a bug, because I've not actively programmed that behaviour.
I've been able to run tests without this exception.
Please specify what you've done.
Ewout
Not so sure it's a bug
I'm sure this behaviour is also present in the Sun implementation.
I added permission step by step
When I tried to run JUnit under JNode, I wasn't aware of security and permissions.
So, I used it and, after each security exception, I added the needed permission.
After things were working, I saw the SUN spec and found this bug.
I've noticed that as well
I've noticed that as well. I think the default file permissions are only defaults, and the presence of any policy overrides them... I think.