Sunday, 15 June 2014

Java security policy restrict RuntimePermission exitVM -



Java security policy restrict RuntimePermission exitVM -

i want restrict jvm exit vm via policy file it's not working. can guys please help how restict access in java.io.runtimepermission?

grant { permission java.io.runtimepermission "exitvm", "none"; };

look @ javodoc runtimepermission:

this class runtime permissions. runtimepermission contains name (also referred "target name") no actions list; either have named permission or don't.

thus, "none" action wrong in permission setting.

regarding exitvm permission:

permission target name: exitvm.{exit status}

what permission allows: halting of java virtual machine specified exit status

risks of allowing permission: allows attacker mount denial-of-service attack automatically forcing virtual machine halt. note: "exitvm." permission automatically granted code loaded application class path, enabling applications terminate themselves. also, "exitvm" permission equivalent "exitvm.".

thus valid syntax permission name either of "exitvm", "exitvm.*", "exitvm.n" (where n designates exit code).

the problem here that, stated in doc, the "exitvm.*" permission automatically granted code loaded application class path. if code calls system.exit(...) in main classpath setup on java command line, cannot prevent working. not case if, instance, code calling system.exit(...) loaded separate class loader.

also maintain in mind grant statement granting permissions, not denying them. according this, way deny "exitvm" permission never grant it.

java security jvm

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)