While developing a shared hosting solution for Java applications we have encountered an issue: since users can upload their own jars, how do we restrict them from running Linux commands such as df -h or free -g with those jars? Of course we have our permissions situation worked out where they can't go around messing with files outside of their own, but these commands are what we're having a problem with.

Matthew Salsamendi

2 Answers

When you have control over those Java virtual machines, then you can use Java policy to specify what is allowed and what is not.

With them you restrict access to parts of the file system, specific ports, etc.

Here is a good tutorial for these:

http://docs.oracle.com/javase/tutorial/security/tour2/step2.html

But you must force the user to run the JVM with the security manager activated. When you can't enforce this, then policies can simply be disabled.

André Schild

Every file system tree which those users can write to must be mounted noexec.

You can block access to all binaries for them by creating a group for them and adding an ACL entry to /bin, /sbin, /usr/bin [...] which prevents this group from accessing these directories:

for dir in /bin ...; do
  setfacl -m g:javausers:- "$dir"
done

You create a new directory /whitelisted_binaries, hardlink all binaries they need (like java itself) into it, and make this directory part of the users' $PATH. These hardlinks may have to be recreated after package updates.
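The noexec mount and the ACL deny entry from this answer can be audited from captured text. The script below is an added example, not part of the original answer; it assumes the group is called javausers as above, takes /proc/mounts and getfacl output as arguments, and ships with constructed samples so it runs without root.

```shell
#!/bin/sh
# Added audit helpers (not from the original answer). Both checks take the text
# of /proc/mounts or of getfacl output as an argument, so they can be run on
# captured output or on the constructed samples below without root.

# mount_is_noexec MOUNTS_TEXT PATH
# Picks the longest mount point that is a prefix of PATH (pass a canonical
# path, e.g. from readlink -f) and succeeds only if that mount is noexec.
mount_is_noexec() {
    printf '%s\n' "$1" | awk -v p="$2" '
        {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                if (length(mp) > best) { best = length(mp); opts = $4 }
        }
        END {
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "noexec") exit 0
            exit 1
        }'
}

# acl_denies_group ACL_TEXT GROUP
# Succeeds only if the getfacl output contains a named-group entry for GROUP
# with no permissions at all. A matching group entry that grants nothing makes
# the kernel deny access without falling through to the "other" bits.
acl_denies_group() {
    printf '%s\n' "$1" | awk -F: -v g="$2" '
        $1 == "group" && $2 == g { found = 1; denied = ($3 == "---") }
        END { exit (found && denied) ? 0 : 1 }'
}

# Constructed samples standing in for /proc/mounts and "getfacl /usr/bin".
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /srv/java ext4 rw,nosuid,nodev,noexec,relatime 0 0'
SAMPLE_ACL='# file: usr/bin
# owner: root
# group: root
user::rwx
group::r-x
group:javausers:---
mask::r-x
other::r-x'

# /srv/javatwo must not be treated as living under the /srv/java mount.
for p in /srv/java/user1/app.jar /srv/javatwo/app.jar; do
    mount_is_noexec "$SAMPLE_MOUNTS" "$p" && echo "noexec: $p" || echo "EXEC ALLOWED: $p"
done
acl_denies_group "$SAMPLE_ACL" javausers && echo "ACL blocks javausers"
```

Against a live host, pass "$(cat /proc/mounts)" and "$(getfacl /usr/bin)" instead of the samples.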

Hauke Laging