Security and running commands.
| Field | Value |
|---|---|
| Project | JNode Core |
| Component | Code |
| Category | task |
| Priority | normal |
| Assigned | Unassigned |
| Status | active |
Last night, I was trying to figure out why a Command class had started dying with SecurityExceptions after I converted it to use the new syntax mechanisms. The reason is that the CommandInvokers deal with the 'public static void main(...)' and 'execute(...)' entry points differently from the security perspective. A 'main' entry point is called using 'AccessController.doPrivileged(...)' but an 'execute' entry point is called directly. I'm going to temporarily change the CommandInvokers to use 'doPrivileged' for both entry points. However, I don't think this is correct.
In the long term we need a better way to manage security for commands. It is a bad idea to remove all security restrictions when running commands. Rather, we need a way to selectively grant permissions, based on the command (is it trusted?) and the user (is he/she running with elevated ... or restricted ... privileges).
This is an issue that needs to be properly thought through ... and then the solution needs to be carefully implemented.
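As an added illustration (not JNode code), the following Python model of Java's AccessController stack inspection shows why a direct 'execute' call fails when a restricted caller is on the stack, why wrapping the call in doPrivileged hides that restriction entirely, and how passing a limited context to doPrivileged gives the selective grant described above. The domain names and permission strings are constructed for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

@dataclass(frozen=True)
class Domain:
    name: str
    perms: FrozenSet[str]   # granted permissions; "*" models AllPermission
    def implies(self, perm: str) -> bool:
        return "*" in self.perms or perm in self.perms

@dataclass
class Frame:
    domain: Domain
    privileged: bool = False                 # frame called doPrivileged
    context: Optional[List[Domain]] = None   # restricting AccessControlContext

def check_permission(stack: List[Frame], perm: str) -> bool:
    """Java's stack-inspection rule: walk from the innermost frame outward and
    require every frame's domain to imply perm. A doPrivileged frame ends the
    walk; a context passed to doPrivileged(action, context) is checked too."""
    for frame in reversed(stack):
        if not frame.domain.implies(perm):
            return False                     # SecurityException in Java
        if frame.privileged:
            return all(dom.implies(perm) for dom in frame.context or [])
    return True

# Constructed (hypothetical) domains: a restricted user shell session, the
# trusted core hosting the CommandInvokers, and the command class itself.
SHELL = Domain("shell-session", frozenset({"file.read"}))
CORE = Domain("jnode-core", frozenset({"*"}))
COMMAND = Domain("command-class", frozenset({"file.read", "file.write"}))

def invoke_execute(perm: str) -> bool:
    """'execute' entry point: called directly, so the shell stays on the stack."""
    return check_permission([Frame(SHELL), Frame(CORE), Frame(COMMAND)], perm)

def invoke_main(perm: str) -> bool:
    """'main' entry point: wrapped in doPrivileged, which stops the walk before
    the shell's restrictions are consulted (the command's own domain is still checked)."""
    stack = [Frame(SHELL), Frame(CORE, privileged=True), Frame(COMMAND)]
    return check_permission(stack, perm)

def invoke_selective(perm: str, grant: FrozenSet[str]) -> bool:
    """Selective grant: doPrivileged with a context that carries only the
    permissions this command/user combination should have."""
    ctx = [Domain("grant", grant)]
    stack = [Frame(SHELL), Frame(CORE, privileged=True, context=ctx), Frame(COMMAND)]
    return check_permission(stack, perm)
```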