Can I load a Java class in a way that automatically removes its privileges?
<p>I am working on developing a library that needs to instantiate and return untrusted objects downloaded from an external website. At a high level, the library works as follows:</p>
<ul>
<li>Clients of the library request a class from a remote source.</li>
<li>My library instantiates that object, then returns it to the user.</li>
</ul>
<p>This is a <em>major</em> security risk, since the untrusted code can do just about anything. To address this, my library has the following design:</p>
<ul>
<li>I enable the <code>SecurityManager</code> and, when instantiating the untrusted object, I use an <code>AccessController</code> to handle the instantiation in a context where there are no privileges.</li>
<li>Before returning the object back to the client, I wrap the object in a decorator that uses an <code>AccessController</code> to forward all method requests to the underlying object in a way that ensures that the untrusted code is never run with any permissions.</li>
</ul>
<p>It occurs to me, though, that this might not be the most elegant solution. Fundamentally, I want to strip away all permissions from any object of any type downloaded from the remote source. My current use of <code>AccessController</code> is simply a way of faking this up by intercepting all requests and dropping privileges before executing them. The <code>AccessController</code> approach also has its own issues:</p>
<ul>
<li>If the wrapped object has any methods that return objects, those returned objects have to themselves be wrapped.</li>
<li>The wrapper code will potentially be thousands of lines long, since every exported method has to be secured.</li>
<li>All of the methods exported by the downloaded object have to be known in advance in order to be wrapped.</li>
</ul>
<p>My question is this: is there a way to load classes into the JVM (probably using a custom <code>ClassLoader</code>) such that any instances of those classes execute their methods with no permissions?</p>
<p>Thanks!</p>
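The mechanism the question is reaching for is the ProtectionDomain argument of ClassLoader.defineClass: every class carries a domain, and a permission check walks every frame on the call stack and fails as soon as one frame's domain does not imply the permission. A loader that defines its classes in a domain with an empty, static permission set therefore makes all of their methods run with no permissions, whoever calls them and without any wrapper. The example below is added here and is not part of the question or of the asker's library. It assumes a hypothetical untrusted class untrusted.Probe (source shown in a comment) compiled separately into the directory untrusted-classes/; the class, directory and policy object are illustration-only choices.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.util.concurrent.Callable;

public class UnprivilegedLoaderDemo {

    /**
     * Defines every class it loads in a ProtectionDomain whose permission set is
     * empty. Because AccessController checks every domain on the stack, a frame of
     * such a class fails any permission check, no matter how privileged its caller is.
     */
    static final class UnprivilegedClassLoader extends ClassLoader {
        private final Path root;
        private final ProtectionDomain noPermissions;

        UnprivilegedClassLoader(Path root, ClassLoader parent) {
            super(parent);
            this.root = root;
            Permissions empty = new Permissions();
            empty.setReadOnly();
            // The two-argument constructor marks the permissions as static:
            // ProtectionDomain.implies() then never consults the installed Policy,
            // so no policy file can later grant these classes anything.
            this.noPermissions = new ProtectionDomain(
                    new CodeSource(null, (java.security.cert.Certificate[]) null), empty);
        }

        @Override
        protected Class<?> findClass(String name) throws ClassNotFoundException {
            Path file = root.resolve(name.replace('.', '/') + ".class");
            byte[] bytes;
            try {
                // Loading is often triggered from an untrusted frame (the untrusted
                // class referencing a sibling). Reading the bytes is the loader's own
                // trusted work, so run it with only the loader's domain on the stack.
                bytes = AccessController.doPrivileged(
                        (PrivilegedExceptionAction<byte[]>) () -> Files.readAllBytes(file));
            } catch (PrivilegedActionException e) {
                throw new ClassNotFoundException(name, e.getException());
            }
            return defineClass(name, bytes, 0, bytes.length, noPermissions);
        }
    }

    public static void main(String[] args) throws Exception {
        // Illustration-only policy: grant everything to every domain that asks the
        // Policy. The untrusted domain has static permissions, so it never asks.
        Policy.setPolicy(new Policy() {
            @Override
            public boolean implies(ProtectionDomain domain, Permission permission) {
                return true;
            }
        });
        System.setSecurityManager(new SecurityManager());

        UnprivilegedClassLoader loader = new UnprivilegedClassLoader(
                Paths.get("untrusted-classes"), UnprivilegedLoaderDemo.class.getClassLoader());

        // Hypothetical untrusted class, compiled into untrusted-classes/untrusted/Probe.class:
        //   package untrusted;
        //   public class Probe implements java.util.concurrent.Callable<String> {
        //       public String call() { return System.getProperty("user.home"); }
        //   }
        Class<?> probeClass = loader.loadClass("untrusted.Probe");
        Callable<?> probe = (Callable<?>) probeClass.getDeclaredConstructor().newInstance();

        // The fully privileged host can read the property itself...
        System.out.println("host reads user.home: " + System.getProperty("user.home"));

        // ...but the same call made from a frame of the untrusted class is denied,
        // even though the host is the caller and no wrapper is in between.
        try {
            probe.call();
            System.out.println("UNEXPECTED: untrusted code read user.home");
        } catch (AccessControlException e) {
            System.out.println("denied as expected: " + e.getPermission());
        }
    }
}
```

Run it with a JDK that still ships a SecurityManager: Java 8 to 17 need no flag, Java 18 to 23 must be started with -Djava.security.manager=allow or setSecurityManager throws. This removes the three wrapper problems from the question at once: objects returned by untrusted methods are either instances of untrusted classes (already in the zero-permission domain) or of platform classes, and nothing about the untrusted API needs to be known in advance. An untrusted class that calls AccessController.doPrivileged itself gains nothing, because doPrivileged limits the check to the caller's own domain, which here has no permissions. Two caveats a practitioner should weigh: no permission model stops CPU or memory exhaustion by the loaded code, and the whole SecurityManager mechanism is deprecated for removal since Java 17 (JEP 411) and permanently disabled in Java 24 (JEP 486), so new designs should isolate untrusted code in a separate process or container instead.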