Igor Bukanov wrote:
> On Thu, 05 Feb 2004 11:03:36 -0500, "Thomas DeWeese"
> <[EMAIL PROTECTED]> said:
>> ... however my
>> understanding is that script security is implemented using the Java
>> 2 Security model; in particular it puts _all_ the Rhino classes in the
>> sandbox[*]. I'm sure that a second set of eyes looking at this to
>> make sure we are doing it correctly would be greatly appreciated.
>
> This can not be true as far as I can see. From Rhino usage in
> RhinoInterpreter it follows that Batik uses the default compilation mode
> in Rhino that compiles JavaScript to JVM bytecode, loads the generated
> classes and then lets the JVM execute them. It means that Rhino classes can at
> least create ClassLoader instances.

Actually Batik gives the Rhino interpreter the class loader to use.
So the class loader is from the Batik Context, not the Rhino context.
The class loader also appears to associate an appropriate code source
(i.e. the document's URL) with the created classes.

> Now due to bugs in class loader implementations in many released JVMs
> (Sun JVMs <= 1.4.1 that I checked have this bug) it also means that Rhino
> code can potentially gain AllPermissions. This in turn means that a pure
> JavaScript script can gain AllPermissions due to the problematic
> implementation of SecurityController.

I guess I am unaware of these bugs - do they rely on being able
to create a class loader? If so, the Rhino code is not allowed to do
so.

>> [*] This does have some unfortunate side effects like the debugger
>> can only be used when 'secure scripting' is off - not usually a
>> problem since most people debug their own code - but still annoying.
>
> What exactly is the problem with it?

The Debugger wants to access some properties it's not allowed to
(home comes to mind).

> Regards, Igor
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
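
The mechanism described in the reply above (a class loader supplied by the host that tags generated classes with the document's URL as their code source), as an added Java example that is not part of the original thread and is not Batik's or Rhino's code. `DocumentClassLoader`, `GeneratedScript`, the URL and the single granted permission are assumptions made for illustration.

```java
import java.io.InputStream;
import java.net.URI;
import java.net.URL;
import java.security.CodeSource;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.PropertyPermission;

public class ScriptDomainDemo {
    // Stand-in for a class generated from a script (assumption for this example).
    public static class GeneratedScript { }

    // Hypothetical host-supplied loader: every class it defines carries the document's URL.
    static class DocumentClassLoader extends ClassLoader {
        private final ProtectionDomain domain;

        DocumentClassLoader(URL documentUrl, ClassLoader parent) {
            super(parent);
            CodeSource source = new CodeSource(documentUrl, (Certificate[]) null);
            Permissions granted = new Permissions();
            granted.add(new PropertyPermission("java.version", "read"));
            // Two-argument constructor: the permission set is static, Policy is not consulted.
            domain = new ProtectionDomain(source, granted);
        }

        // Defines the named class in this loader, bound to the document's protection domain.
        Class<?> defineScript(String name) throws Exception {
            String resource = name.replace('.', '/') + ".class";
            try (InputStream in = getParent().getResourceAsStream(resource)) {
                byte[] code = in.readAllBytes();
                return defineClass(name, code, 0, code.length, domain);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        URL doc = URI.create("http://example.org/drawing.svg").toURL(); // constructed URL
        DocumentClassLoader loader =
            new DocumentClassLoader(doc, ScriptDomainDemo.class.getClassLoader());
        Class<?> script = loader.defineScript("ScriptDomainDemo$GeneratedScript");
        ProtectionDomain pd = script.getProtectionDomain();
        System.out.println("code source: " + pd.getCodeSource().getLocation());
        System.out.println("createClassLoader: " + pd.implies(new RuntimePermission("createClassLoader")));
        System.out.println("read user.home: " + pd.implies(new PropertyPermission("user.home", "read")));
        System.out.println("read java.version: " + pd.implies(new PropertyPermission("java.version", "read")));
    }
}
```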