Review the permissions granted to normal JNode applications
Project: JNode Core
Component: Code
Category: task
Priority: normal
Assigned: Unassigned
Status: active
Description
I observe that many plugin descriptors include an "org.jnode.security.permissions" extension to grant permissions required for the code to run. For example, the plugin descriptor for "org.jnode.shell.command" includes:
- class="java.util.PropertyPermission" name="*" actions="read,write"
- class="java.lang.RuntimePermission" name="getProtectionDomain"
- class="java.lang.RuntimePermission" name="createClassLoader"
- class="java.lang.RuntimePermission" name="setContextClassLoader"
- class="java.lang.RuntimePermission" name="modifyThreadGroup"
- class="java.io.FilePermission" name="<" actions="read,write"
- class="org.jnode.security.JNodePermission" name="getVmThread"
- class="org.jnode.security.JNodePermission" name="getVmClass"
- class="java.net.SocketPermission" name="*" actions="resolve"
- class="java.net.SocketPermission" name="*:0-" actions="connect,resolve"
- class="java.lang.RuntimePermission" name="writeFileDescriptor"
- class="java.lang.RuntimePermission" name="readFileDescriptor"
While I don't understand the significance of all of these permissions, it seems peculiar that a Java class would need to be granted special permission to read/write files and system properties. Shouldn't these permissions be granted by default, and only removed for applications that need to be sandboxed for security reasons?
Someone needs to review the default permissions with a view to tidying up the clutter in the plugin descriptors ... and the need for calls to doPrivileged in various library layers.
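
As a starting point for the review requested above, the following added example (not part of the original issue and not JNode code) scans a plugin descriptor for "org.jnode.security.permissions" grants that are broad enough to deserve a closer look. The `<plugin>`/`<extension>`/`<permission>` element layout, the `reason` and `audit` helpers, and the shortlist of escalating RuntimePermission targets are assumptions made for the example; the sample descriptor is constructed from a subset of the grants quoted in the description.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a subset of the grants quoted in the issue, in an
# assumed descriptor layout (<plugin>/<extension>/<permission>).
SAMPLE = """
<plugin id="org.jnode.shell.command">
  <extension point="org.jnode.security.permissions">
    <permission class="java.util.PropertyPermission" name="*" actions="read,write"/>
    <permission class="java.lang.RuntimePermission" name="getProtectionDomain"/>
    <permission class="java.lang.RuntimePermission" name="createClassLoader"/>
    <permission class="java.net.SocketPermission" name="*" actions="resolve"/>
    <permission class="java.net.SocketPermission" name="*:0-" actions="connect,resolve"/>
    <permission class="java.lang.RuntimePermission" name="writeFileDescriptor"/>
  </extension>
</plugin>
"""

# RuntimePermission targets that let code widen its own privileges.
# (Reviewer's shortlist for this example, not a JNode-defined list.)
ESCALATING_RUNTIME = {"createClassLoader", "setSecurityManager", "createSecurityManager"}

def reason(cls, name, actions):
    """Return why a grant deserves review, or None if it looks narrow."""
    acts = {a.strip() for a in actions.split(",") if a.strip()}
    if cls == "java.lang.RuntimePermission" and name in ESCALATING_RUNTIME:
        return "can be used to widen the code's own privileges"
    if cls == "java.util.PropertyPermission" and name == "*" and "write" in acts:
        return "write access to every system property"
    if cls == "java.net.SocketPermission" and name.split(":")[0] == "*" \
            and acts & {"connect", "accept", "listen"}:
        return "network access to any host"
    return None

def audit(descriptor_xml):
    """List (plugin id, class, name, reason) for broad grants in one descriptor."""
    root = ET.fromstring(descriptor_xml)
    findings = []
    for ext in root.iter("extension"):
        if ext.get("point") != "org.jnode.security.permissions":
            continue
        for p in ext.iter("permission"):
            cls, name = p.get("class", ""), p.get("name", "")
            why = reason(cls, name, p.get("actions", ""))
            if why:
                findings.append((root.get("id"), cls, name, why))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(*f, sep=" | ")
```

Run over every descriptor in the tree, the output gives a per-plugin list of grants to justify or narrow before any of them are moved into a default policy.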