4

If I set a security manager, for example:

private static class SecManager extends SecurityManager {
...
}

With:

System.setSecurityManager(new SecManager());

Which permission can I use (or rather prevent), to stop code further down the line setting the security manager again, with elevated permissions.

I am looking for a method like:

private static class SecManager extends SecurityManager {
    @Override
    public void checkSetSecurityManager(SecurityManager manager){
        throw new AccessControlException("Not allowed to set new security Manager);
    }
 }

But of course, the checkSetSecurityManager doesn't exist, so i'm not sure exactly what to look for or how to deny that permission.

I would like to use the security manager to allow me to run some untrusted code, but I obviously don't want that code to be able to set it's own security manager. I did consider doing this at the OS level (create a new user for each bit of code), but that seems a little overkill. Instead, I run my own java main, which sets a security manager, then runs the untrusted code within the same JVM. I have made sure their code cannot start new processes already (as this would circumvent the security manager), but I need to make sure they cannot override the existing security manager.

I also use checkWrite and checkRead to make sure the code can only read/write in a certain dir.

Any help is much appreciated.

Thanks,

ThePerson
  • 3,048
  • 8
  • 43
  • 69

1 Answers1

3

The following website https://www.securecoding.cert.org/confluence/display/jg/20.+Create+a+secure+sandbox+using+a+security+manager says the following about this:

If the current security policy enforced by the current security manager forbids replacements (by omitting the RuntimePermission("setSecurityManager")), any attempt to invoke setSecurityManager() will throw a SecurityException.

So it looks like the checkPermission() method is the place to check for this.

The Javadoc for RuntimePermission has a list of possible values to check for if other critical methods should be catched as well: https://docs.oracle.com/javase/7/docs/api/java/lang/RuntimePermission.html

cello
  • 5,356
  • 3
  • 23
  • 28
  • I think this is it, so I now check permission.getAction isn't "setSecurityManager", I will do some testing but this link (and your help) seem to have pointed me in the right direction. Thanks! – ThePerson Nov 20 '14 at 14:54