Changing Java Security Policy

[CalAmity!]

Hi all,

I have a question.
Can we change the java security policy once I have started executing
java code.
Or simply put - Can I change the security policy from within a java
program ??

Thanks,
Amit

 

[Tom Hawtin]

Can we change the java security policy once I have started executing
java code.
Or simply put - Can I change the security policy from within a java
program ??

Yes...

.... but you require the relevant security permissions to do it.

Java Security is a non-trivial subject.

Tom Hawtin

 

[Andrew Thompson]

..Can I change the security policy from within a java
program ??

Here is an example of replacing the current
security manager with one that is more strict..
<http://groups.google.com/group/comp.lang.java.programmer/msg/
f29ab45389d9f5f2>

HTH

Andrew T.

 

[CalAmity!]

Yes...

... but you require the relevant security permissions to do it.

Java Security is a non-trivial subject.

Tom Hawtin

How ?? Can you please elaborate.

 

[Tom Hawtin]

Here is an example of replacing the current
security manager with one that is more strict..
<http://groups.google.com/group/comp.lang.java.programmer/msg/
f29ab45389d9f5f2>

And here's an example of the opposite...

http://jroller.com/page/tackline?entry=mixed_certification_an_example
http://jroller.com/page/tackline?entry=system_setsecuritymanager_null

Tom Hawtin

 

[Andrew Thompson]

How ?? Can you please elaborate.

Can you please fix that sticky '?' key?
(See my post for link to an SSCCE.)

Andrew T.

 

[CalAmity!]

Can you please fix that sticky '?' key?
(See my post for link to an SSCCE.)

Andrew T.

Uhhh...
Ok - let me elaborate more.
Say I write a java class.
I launch the class from command-line enabling java security.
*Now* - say I wanna load a different policy for my java security
through this class while it is still executing.
Is that possible ?

Thanks in advance.

 

[Andrew Thompson]

Ok - let me elaborate more.

Oh, you have decided to 'toss us another
morsel of your delicious question', is
that it?

<DWS>
How nice of you..
</DWS>

How about, instead of this cat and mouse
crap, you tell us. What you are trying to
achieve for the end user? What ability do
you wish to deliver to the end user, by
'changing' the security environment after
application start-up?

Andrew T.

 

[CalAmity!]

Oh, you have decided to 'toss us another
morsel of your delicious question', is
that it?

<DWS>
How nice of you..
</DWS>

How about, instead of this cat and mouse
crap, you tell us. What you are trying to
achieve for the end user? What ability do
you wish to deliver to the end user, by
'changing' the security environment after
application start-up?

Andrew T.

Andrew - you are such an *ASSHOLE*.
Why don't you SHUT THE **** UP if you don't have a solution.

Stop enlightening us with your SILLY remarks!
Jerk!!

 

[Andrew Thompson]

....
And here's an example of the opposite...

http://jroller.com/page/tackline?en...tackline?entry=system_setsecuritymanager_null

I only checked one of the URL's, but all I
saw was an *assertion*. The assertion was
that this line of code..
System.setSecurityManager(null);
...could be called from within an applet to
remove the security manager.

OK - lets turn that into a simple *example*.

<sscce>
import java.applet.Applet;

public class NoSecurityApplet extends Applet {
public void init() {
try {
System.out.println("java.version: " +
System.getProperty("java.version") );
System.setSecurityManager(null);
} catch(Throwable t) {
t.printStackTrace();
}
}
}
</sscce>

Both AppletViewer and IE produced similar
results, here is the output from AppletViewer.

java.version: 1.6.0
java.security.AccessControlException: access denied
(java.lang.RuntimePermission
setSecurityManager)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:
323)
at
java.security.AccessController.checkPermission(AccessController.java:
546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:
532)
at java.lang.System.setSecurityManager0(System.java:273)
at java.lang.System.setSecurityManager(System.java:264)
at NoSecurityApplet.init(NoSecurityApplet.java:8)
at sun.applet.AppletPanel.run(AppletPanel.java:417)
at java.lang.Thread.run(Thread.java:619)

So. I feel fairly confident in calling
that assertion 'a load of old cobblers'.
If it was a security bug in some obscure
old version of the JVM - it has apparently
been fixed* (as I would have expected).

( * Fortunately, to spare us the the idiotic
games of people like this foul mouthed OP.

Andrew T.

 

[Andrew Thompson]

http://jroller.com/page/tackline?entry=mixed_certification_an_example

But I have to admit, I do not yet understand
this one. If the app. has already been granted
full permissions (as the example mentions), I
would expect it to be able to ..
- change security managers at any time
- edit policy files at will
- upload all your private information to a
malicious site,
- wipe parts of your drives,
- ...

Why would it be amazing that it can have
further effects on security?

Andrew T.

 

[Andrew Thompson]

I only checked one of the URL's, ..

...and the rest of this post was actually about
the *other* one (D'Oh!). That URL was..
<http://jroller.com/page/tackline?
entry=system_setsecuritymanager_null>

..here is the output..

...and some more, from the other two VM's
I have lying around, which can be called up
in a browser (or a close facsimile of a
browser, as the case may be).

MSVM (build 3810, AFAIU - 'Release 5.0.0.3310')
________________________________________________________
java.version: 1.1.4
java.lang.SecurityException: SecurityManager already set
at java/lang/System.setSecurityManager
at NoSecurityApplet.init
....

Symantec VM
________________________________________________________
Netscape Communications Corporation -- Java 1.1.5

Type '?' for options.

Symantec Java! ByteCode Compiler Version 210.065
Copyright (C) 1996-97 Symantec Corporation
java.version: 1.1.5

java.lang.SecurityException: SecurityManager already set
at java.lang.Throwable.<init>(Compiled Code)
....

Andrew T.

 

[Tom Hawtin]

I only checked one of the URL's, but all I
saw was an *assertion*. The assertion was
that this line of code..
System.setSecurityManager(null);
..could be called from within an applet to
remove the security manager.

Funnily enough, you have to sign the class (and accept the certificate).

Then non-signed code in the same JVM has full reign.

So if Alice signs a class that clears the security manager. Bob accepts
classes signed by Alice, and so drops his security. Eve produces
malicious classes that make use of Bob's lack of security.

So. I feel fairly confident in calling
that assertion 'a load of old cobblers'.
If it was a security bug in some obscure
old version of the JVM - it has apparently
been fixed* (as I would have expected).

It's not a bug in the JVM. It's a flaw in the signed code. Any
certificate that has ever been used to sign this sort of code must, in
my personal opinion, be revoked.

Tom Hawtin

 

[Tom Hawtin]

But I have to admit, I do not yet understand
this one. If the app. has already been granted
full permissions (as the example mentions), I
would expect it to be able to ..
- change security managers at any time
- edit policy files at will
- upload all your private information to a
malicious site,
- wipe parts of your drives,
- ...

Why would it be amazing that it can have
further effects on security?

If the classes granted full permission interfere with the process'
security, then other 'untrusted' classes running in the same process can
e-mail your credit card details to Eastern Europe, your porn stash to
your boss, etc.

Tom Hawtin

 

[Joshua Cranmer]

Andrew - you are such an *ASSHOLE*.
Why don't you SHUT THE **** UP if you don't have a solution.

Stop enlightening us with your SILLY remarks!
Jerk!!

They're not silly: they're trying to be informative. "Java security" is
a broad topic, so asking "How do I do XXX in Java security" is often
times too vague to answer fully. By providing more forthcoming
information, the respondents to your questions are able to guide you in
a way that might be more sensibly-minded than a kludgy method by a user
who is less informed of the available APIs.

Included in the rules of good question-asking are:
@ Try to be as complete as possible.
@ Don't try and diagnose your own problem.

Finally, I should add this: there was no warrant for vehemently swearing
at Andrew. He was trying to be helpful, and you just blasted away at
him. Perhaps you might want to listen to your own remarks?

 

[Lew]

Andrew - you are such an *ASSHOLE*.
Why don't you SHUT THE **** UP if you don't have a solution.

Stop enlightening us with your SILLY remarks!
Jerk!!

How about instead of name-calling and abuse, you provide enough information
for people actually to help you?

Potty mouth.

-- Lew

 

[Andrew Thompson]

If the classes granted full permission interfere with the process'
security, then other 'untrusted' classes running in the same process can
e-mail your credit card details to Eastern Europe, your porn stash to
your boss, etc.

Thanks for clarifying. That makes it somewhat
clearer to me.

That is not good, but OTOH, it is a relatively
specific and (I imagine) rare circumstance.
Each web start app. gets its own JVM, doesn't
it?

Andrew T.

 

[pkriens]

Hi all,

I have a question.
Can we change the java security policy once I have started executing
java code.
Or simply put - Can I change the security policy from within a java
program ??

Yes, you can. However, not as some suggest by changing the security
manager. That is a singleton that can be set once.

So changing the policy dynamically on the fly requires collaborating
Protection Domains, which are used by the classloaders to check the
security. Though the Policy class can be replaced to provide new
policies, this is usually a one tome case only.

If you have a strong need for this, I suggest you take a look at the
OSGi Service Platform. (www.osgi.org) which is build into Eclipse. In
this platform there are two different security admin services:
ConditionalPermissionAdmin and PermissionAdmin. These services allow
you to set the permissions of a bundle/jar on the fly and as many
times as you like. New permissions take effect immediately.

Kind regards,

Peter Kriens