Re: SystemProperties secure?

On Nov 23, 2006, at 11:40 AM, Roman Kennke wrote:

We are using the SystemProperties class throughout the Classpath code to
access system properties and avoid the security checks in
java.lang.System. However, I come to think that this is no good the way
it is. This class is public and nothing prevents use of this class from
application code. This way it'd be very easy for an application to
circumvent the protection in java.lang.System by using the
SystemProperties class directly. Not that I think that GNU Classpath
would be an interesting target for attacking, but shouldn't we avoid
such issues from the start? Please correct me if I missed some important
aspect here.


The mechanism is all there, just some stuff is missing at the moment. It seems like what we need to do is:

1. Provide reasonable defaults for the *security* properties "package.access" and "package.definition". These should include "gnu.classpath", at least. An alternative would be to *always* deny certain package accesses/definitions in SecurityManager.checkPackageList.

2. The default Policy class should be gnu.java.security.PolicyFile (which reads a real policy file) instead of gnu.java.security.provider.DefaultPolicy (which allows everything).

The attached patch does this. The test case you posted to PR 29960 succeeds (by not allowing access to gnu.classpath.SystemProperties) with it.

Cheers.

### Eclipse Workspace Patch 1.0
#P classpath
Index: java/security/Security.java
===================================================================
RCS file: /cvsroot/classpath/classpath/java/security/Security.java,v
retrieving revision 1.44
diff -u -r1.44 Security.java
--- java/security/Security.java	29 Apr 2006 06:16:09 -0000	1.44
+++ java/security/Security.java	25 Nov 2006 06:11:11 -0000
@@ -73,6 +73,9 @@
   
   static
     {
+      secprops.put("package.access", "gnu.classpath.");
+      secprops.put("package.definition", "gnu.classpath.");
+      
       String base = SystemProperties.getProperty("gnu.classpath.home.url");
       String vendor = SystemProperties.getProperty("gnu.classpath.vm.shortname");
 
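Review bot: The two `secprops.put(...)` defaults sit at the top of the static block, before the `gnu.classpath.home.url` and `gnu.classpath.vm.shortname` lookups, so if the property files located through `base` and `vendor` are loaded into `secprops` afterwards, any file that sets `package.access` or `package.definition` replaces the `gnu.classpath.` entry instead of extending it. Consider merging the built-in prefix into whatever value ends up in `secprops` after loading, or enforcing it unconditionally in SecurityManager.checkPackageList as the message suggests, and add a comment saying why these two keys are preset. The added whitespace-only line can be dropped.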
Index: java/security/Policy.java
===================================================================
RCS file: /cvsroot/classpath/classpath/java/security/Policy.java,v
retrieving revision 1.14
diff -u -r1.14 Policy.java
--- java/security/Policy.java	19 Jan 2006 09:51:53 -0000	1.14
+++ java/security/Policy.java	25 Nov 2006 06:11:11 -0000
@@ -183,7 +183,7 @@
 	    }
 
         if (currentPolicy == null)
-          currentPolicy = new gnu.java.security.provider.DefaultPolicy();
+          currentPolicy = new gnu.java.security.PolicyFile();
       }
     return currentPolicy;
   }
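Review bot: With the fallback under `if (currentPolicy == null)` now constructing `gnu.java.security.PolicyFile`, nothing in the hunk says what policy is in effect when no policy file is found or the file fails to parse, whereas the previous fallback needed no file at all. Please document next to this line, and in the method's javadoc, where the default policy file is expected and what is granted when it is missing, so that a missing file does not silently turn into either allow-all or deny-all.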

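An added illustration, not part of the original message or of GNU Classpath: the sketch below applies the matching rule documented for java.lang.SecurityManager.checkPackageAccess (a package is restricted when its name starts with or equals an entry of the comma-separated "package.access" list) to the default value from the patch. The class name PackageAccessList, the method restrictedBy and the sample package list are hypothetical.

```java
import java.util.StringTokenizer;

// Hypothetical helper, not GNU Classpath code. It mirrors the documented
// "starts with or equals" rule of SecurityManager.checkPackageAccess.
public class PackageAccessList {

    /** Returns the list entry that restricts pkg, or null if none does. */
    static String restrictedBy(String pkg, String list) {
        if (pkg == null)
            throw new NullPointerException("package name");
        if (list == null || list.trim().isEmpty())
            return null; // empty list: no package is restricted
        StringTokenizer st = new StringTokenizer(list, ",");
        while (st.hasMoreTokens()) {
            String entry = st.nextToken().trim();
            if (entry.isEmpty())
                continue;
            // "gnu.classpath." matches gnu.classpath.* by prefix and the
            // package gnu.classpath itself through the pkg + "." comparison.
            if (pkg.startsWith(entry) || entry.equals(pkg + "."))
                return entry;
        }
        return null;
    }

    public static void main(String[] args) {
        // Default value taken from the patch to java/security/Security.java.
        String packageAccess = "gnu.classpath.";
        // Constructed sample: packages named in the message, plus two controls.
        String[] packages = {
            "gnu.classpath",              // home of SystemProperties
            "gnu.classpath.debug",        // assumed subpackage, for the prefix case
            "gnu.java.security",          // home of PolicyFile
            "gnu.java.security.provider", // home of DefaultPolicy
            "java.lang"
        };
        for (String pkg : packages) {
            String entry = restrictedBy(pkg, packageAccess);
            if (entry != null)
                System.out.println(pkg + ": needs RuntimePermission"
                    + " \"accessClassInPackage." + pkg + "\" (entry " + entry + ")");
            else
                System.out.println(pkg + ": not restricted by package.access");
        }
    }
}
```

Running it with a different list value, for example one that also names "gnu.java.", shows which internal packages a given default actually covers.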