0

I plan on allowing users of my program to create their own subclasses to use as modules in my program. I've always read that classloaders were insecure, and I completely understand why. What I want to know is if I'm able to use something similar to SecurityManager to allow loading a class, but restricting its access to other packages within the project, and the jdk. My users should only need certain libraries to create their modules, but I cannot just have them injecting malicious code into the program.

Is it possible to use SecurityManager or something similar to do this?

Kristoff
  • 167
  • 3
  • 13
  • 1. By default, the security manager doesn't disable class loading. 2. Class loading is "insecure" because it allows anyone to execute arbitrary code. As long as you trust your users, it's safe enough. – markspace Apr 27 '17 at 23:25
  • I don't trust my users though. I would like to be able to restrict access to certain classes. I trust the majority of my users, but I am aware of a few that are not so trustworthy. – Kristoff Apr 27 '17 at 23:26
  • There you should not allow any code to be executed, classes or otherwise. There's no way to make this 100% safe. I guess that's your answer: no you can't make arbitrary code execution safe; there's always risk. – markspace Apr 27 '17 at 23:27
  • I'd imagine reflection may be an answer. I feel like there may still be a way to do this. – Kristoff Apr 27 '17 at 23:31
  • Instead of letting users add arbitrary Java classes to your program, you better create a domain specific language and let them create "plugins" with that. – Alex Oliveira Apr 28 '17 at 00:23
  • That’s exactly what `SecurityManager` was made for. Explaining the concepts is way too broad for a Q&A and there are documentation and tutorials about this topic. The short answer is, yes it’s possible to use a `SecurityManager` to restrict the permissions for code loaded from a specific source (or better the other way round, allow permissions for your application and the JRE only), as that’s the primary purpose of it. – Holger May 03 '17 at 17:42

0 Answers0