I'm not sure the Java SecurityManager can help till now, since I saw the normal usage is NOT accepted; please correct me if I'm wrong:

  1. Set the SecurityManager in Java code and take effect to defend against the external exploit code, while it looks easy to bypass if someone can fully control the original code, right?
  2. Launch Java with a SecurityManager policy file, which would have the same issue as above.
AstroCB
euse

1 Answer

It is possible to sandbox Java code (barring the inevitable exploits), but it is very tricky and complicated to do.

The basic idea is to dynamically intercept all sensitive function calls, including reflection and classloading. You need to rewrite all loaded classes to call your safe wrapper instead of the actual functions, and then make sure that your reflection wrappers correctly reflect on themselves.

However, this is very easy to mess up. Java's attack surface is massive (18k classes in the standard library alone) and the native permissions model is horribly broken. Bigger companies than you have tried and failed to create a secure Java sandbox.

Antimony
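A sketch of the "safe wrapper" layer the answer describes, added here as an example and not code from the post or from any project: an allowlist-based stand-in for `Class.forName`, `Class.getMethod` and `Method.invoke`, which a bytecode rewriter (assumed, for instance an ASM class visitor, not shown) would redirect every loaded class to. The allowlisted class and method names are constructed for the example.

```java
import java.lang.reflect.Method;
import java.util.Set;

/** Allowlist-based replacement for the reflection entry points sandboxed code may call.
 *  Assumption: a bytecode rewriter has redirected every Class.forName / getMethod /
 *  Method.invoke in loaded classes to the static methods below, so this class is the
 *  only path from sandboxed code to reflection. */
public final class SafeReflect {
    // Constructed allowlist: classes and methods sandboxed code may reach reflectively.
    private static final Set<String> ALLOWED_CLASSES = Set.of("java.lang.String", "java.lang.Math");
    private static final Set<String> ALLOWED_METHODS = Set.of("java.lang.String#toUpperCase", "java.lang.Math#max");

    private SafeReflect() {}

    public static Class<?> forName(String name) throws ClassNotFoundException {
        // Reflection toward the wrapper itself or the reflection machinery is denied outright:
        // otherwise sandboxed code could look up the real Class.forName and skip the wrapper.
        if (name.equals(SafeReflect.class.getName()) || name.startsWith("java.lang.reflect.")
                || !ALLOWED_CLASSES.contains(name)) {
            throw new SecurityException("reflective access to " + name + " is not permitted");
        }
        return Class.forName(name);
    }

    public static Method getMethod(Class<?> cls, String name, Class<?>... params) throws NoSuchMethodException {
        String key = cls.getName() + "#" + name;
        if (!ALLOWED_METHODS.contains(key)) {
            throw new SecurityException("method " + key + " is not permitted");
        }
        return cls.getMethod(name, params);
    }

    public static Object invoke(Method m, Object target, Object... args) throws ReflectiveOperationException {
        // Re-check at invocation time: a Method object may have been obtained some other way.
        String key = m.getDeclaringClass().getName() + "#" + m.getName();
        if (!ALLOWED_METHODS.contains(key)) {
            throw new SecurityException("invocation of " + key + " is not permitted");
        }
        return m.invoke(target, args);
    }

    public static void main(String[] args) throws Exception {
        Method up = getMethod(forName("java.lang.String"), "toUpperCase");   // permitted
        System.out.println(invoke(up, "sandboxed"));
        try {
            forName("java.io.File");                                          // not on the allowlist
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

The wrapper only holds if the rewriter really reaches every class the sandbox loads, including classes produced at runtime, which is the part the answer calls easy to mess up.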