Beginner question about preventing file access

I want to run a class file with the absolute minimum of security rights. Mostly, I don't want it reading/writing files I don't tell it to, and I don't want it opening sockets.

My command is this:

"C:\Program Files\Java\jdk1.5.0_04\bin\java.exe" -Djava.security.manager -Djava.security.policy==policy GetProps

GetProps is a class that reads a line from a file and calls System.getProperty() to figure out my OS name.

policy is a policy file I created with nothing inside it.

My output is as follows

You can't see me.!   <- That line is from the file.

Caught exception java.security.AccessControlException: access denied (java.util.PropertyPermission os.name read)

It is reading the line from the file (very bad!) but it is throwing an exception when trying to get the OS name. Is there any way I can make it not be able to open files? How?

Thanks in advance!

By cep21a at 2007-10-2 0:43:29
# 1

there are certain default permissions granted to all code by the ClassLoader who loads the code. this is independent from policy (which you have essentially set with no permissions).

specifically, ClassLoaders grant locally loaded code permission to read from the directory (and all subdirectories) from where the code was loaded. note code does not obtain write permissions for the same directories.

code that was loaded over a network is granted SocketPermission to connect back to the host from where it originated, but not any other host.

so if you change GetProps to read a file from a new directory (outside where GetProps itself resides), then you should see a SecurityException for the file read.

charlie.laia at 2007-7-15 16:58:17
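To check the claim in the reply above on your own machine, here is a small added test class (not the poster's GetProps and not from the thread). It prints the permissions the class loader attached to the class, which is independent of the policy file, and then reads one file inside the code directory and one outside it. Paths, file names and the policy file name are assumptions for the example; the reply above predicts the first read goes through and the second is denied.

```java
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.security.AccessControlException;
import java.security.Permission;
import java.util.Enumeration;

/*
 * Added example, not code from the thread.
 * Assumed layout (hypothetical paths):
 *   C:\sandbox\ReadCheck.class    <- compiled class; run java from C:\sandbox
 *   C:\sandbox\local.txt          <- inside the code directory
 *   C:\other\outside.txt          <- outside the code directory
 *
 * Run with an empty policy file, exactly as in the question:
 *   java -Djava.security.manager -Djava.security.policy==empty.policy ReadCheck
 */
public class ReadCheck {

    // Permissions the ClassLoader granted to this class's ProtectionDomain,
    // i.e. what you get even when the policy file grants nothing.
    static void showImpliedPermissions() {
        Enumeration<Permission> perms =
            ReadCheck.class.getProtectionDomain().getPermissions().elements();
        System.out.println("Permissions granted by the class loader:");
        while (perms.hasMoreElements()) {
            System.out.println("  " + perms.nextElement());
        }
    }

    // Attempts to read the first line of a file and reports whether the
    // security manager allowed it; returns true only on a successful read.
    static boolean tryRead(String path) {
        BufferedReader in = null;
        try {
            in = new BufferedReader(new FileReader(path));
            System.out.println(path + " -> ALLOWED: " + in.readLine());
            return true;
        } catch (AccessControlException e) {
            // The checked permission names the path and the action (read/write).
            System.out.println(path + " -> DENIED: " + e.getPermission());
            return false;
        } catch (IOException e) {
            System.out.println(path + " -> I/O error: " + e);
            return false;
        } finally {
            if (in != null) {
                try { in.close(); } catch (IOException ignored) { }
            }
        }
    }

    public static void main(String[] args) {
        showImpliedPermissions();
        tryRead("C:\\sandbox\\local.txt");    // inside the directory the class was loaded from
        tryRead("C:\\other\\outside.txt");    // outside that directory
    }
}
```

For a class loaded from a directory the printed collection contains a java.io.FilePermission on that directory with the "-" suffix (the directory and everything below it) and the "read" action only, which is exactly the behaviour the reply describes; there is no "write" action in it, so a write to local.txt would be denied just like the read of outside.txt.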
# 2
Thanks. That seems to be it. Just one followup question: Is there a way to prevent this? Is there a list somewhere of all the default permissions my program will have?
cep21a at 2007-7-15 16:58:17
# 3

there is not a way to prevent this entirely.

what you can do is first execute "trusted" code via the java command. then that trusted code could load the true application code using its own ClassLoader implementation. to make things simpler, your implementation should extend java.net.URLClassLoader, and you should override the getPermissions method to return an empty collection.

then the empty permission collection will be associated with the ProtectionDomain created for classes loaded by your ClassLoader. add this to your empty Policy, and you have achieved a zero-permission solution.

unfortunately there is no simple documentation listing for default permissions. if you rely on the system default policy file, what you'll get is in the java.policy file sitting in the ~jre/lib/security directory of your installation. the default ClassLoader permissions are documented in the java.net.URLClassLoader.getPermissions method javadocs.

charlie.laia at 2007-7-15 16:58:17
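The launcher the reply describes, written out as an added example (not code from the thread or from the JDK). The trusted launcher is started by the java command, builds a URLClassLoader subclass whose getPermissions returns an empty collection, loads the real application from a directory that is deliberately NOT on the classpath, and invokes its main through reflection. The directory layout, policy file name and class names are assumptions. One detail the reply leaves implicit: creating a ClassLoader needs java.lang.RuntimePermission "createClassLoader", so the policy must grant the launcher's own codebase something (AllPermission here) while granting nothing to the application directory.

```java
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.Permissions;

/*
 * Added example, not code from the thread.
 * Assumed layout (hypothetical paths):
 *   C:\sandbox\launcher\ZeroPermLauncher.class   <- trusted, on the classpath
 *   C:\sandbox\app\GetProps.class                <- untrusted, NOT on the classpath
 *
 * Assumed policy file launcher.policy (grants the launcher what it needs to
 * create a class loader; the app directory is not mentioned, so it gets nothing):
 *
 *   grant codeBase "file:/C:/sandbox/launcher/" {
 *       permission java.security.AllPermission;
 *   };
 *
 * Run with:
 *   cd C:\sandbox\launcher
 *   java -Djava.security.manager -Djava.security.policy==launcher.policy ZeroPermLauncher GetProps
 */
public class ZeroPermLauncher {

    /** URLClassLoader that grants its classes no loader-implied permissions at all. */
    static class ZeroPermClassLoader extends URLClassLoader {
        ZeroPermClassLoader(URL[] urls) {
            // null parent = bootstrap loader only: the app can resolve java.* but
            // cannot see the launcher or anything else on the classpath.
            super(urls, null);
        }

        // Overrides the default, which would add FilePermission (read, recursive)
        // for a file: codebase or SocketPermission for a network codebase.
        protected PermissionCollection getPermissions(CodeSource codesource) {
            Permissions none = new Permissions();
            none.setReadOnly();
            return none;
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: ZeroPermLauncher <app-class-name> [app args...]");
            return;
        }
        // Trailing slash tells URLClassLoader this is a directory of classes, not a jar.
        URL appDir = new URL("file:/C:/sandbox/app/");
        ZeroPermClassLoader loader = new ZeroPermClassLoader(new URL[] { appDir });

        Class<?> app = loader.loadClass(args[0]);
        System.out.println("Loaded " + app.getName() + " with permissions: "
            + app.getProtectionDomain().getPermissions());

        Method mainMethod = app.getMethod("main", String[].class);
        String[] appArgs = new String[args.length - 1];
        System.arraycopy(args, 1, appArgs, 0, appArgs.length);
        try {
            mainMethod.invoke(null, (Object) appArgs);
        } catch (InvocationTargetException e) {
            // Any file or socket access attempted by the app surfaces here as
            // the AccessControlException thrown inside the app's main.
            System.err.println("Application stopped: " + e.getCause());
        }
    }
}
```

Why this holds: the access check walks every frame on the stack and requires each frame's ProtectionDomain to imply the permission. The launcher's frames pass (AllPermission), but the application's frames carry the empty collection plus whatever the policy grants its codebase, which is nothing, so every FilePermission and SocketPermission check fails, including reads of the app's own directory. Keep the application classes off the classpath, because otherwise the system class loader, with its usual implied permissions, would define them instead of this loader.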