On 2008.12.11., at 12:55, [EMAIL PROTECTED] wrote:

> On Dec 11, 3:16 am, Attila Szegedi <[EMAIL PROTECTED]> wrote:
>
>> Hi there,
>>
>> I'll take a shot, as the party guilty of bringing
>> PolicySecurityController into existence...
>>
>> As far as the PolicySecurityController and the policy file are
>> concerned, I think you're doing it completely correctly. That's the
>> way to do it -- you gave all permissions to the code you trust, and no
>> permissions to other code. Writing to System.out is however never
>> subject to a security check.
>>
>> If you want to disallow access to java.*, Packages.* etc., just remove
>> them from the scope after you invoked initStandardObjects().
>>
>> It's very late here and I'm barely awake right now, so I won't
>> elaborate further at the moment -- if you'd need further information,
>> please shout and I'll try to follow up tomorrow.
>>
>> Attila.
>>
>> --
>> home: http://www.szegedi.org
>> twitter: http://twitter.com/szegedi
>> weblog: http://constc.blogspot.com
>
> That's progress, I suppose. :-)
>
> My instinct tells me that what I should do, then, is do
> initStandardObjects() and then iterate over all symbols in the scope,
> removing (using Scriptable.delete() if that guess isn't wrong)

Correct.

> any that don't appear in, for example, the Standard Objects list
> (<https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference#Standard_global_objects>)
> instead of specifically removing java, Packages, sun, and so forth,
> because I'm paranoid like that...

A whitelist is better than a blacklist for the paranoid type, yes. :-)

> Is there any straightforward way to voluntarily forbid actions that
> would normally pass unchecked, like the aforementioned stdio?

None I'd know of. But once you no longer even have the ability to
reference System.out from your JS code, the issue becomes moot,
doesn't it? (I know, you're paranoid.)

Security works best if the guards are as close to the guarded as
possible... Since there are no built-in checks on writing to stdout, I
don't think you can arrive at a robust solution that couldn't be
cleverly circumvented.

(System.setIn()/setOut()/setErr() are subject to a security check though.)

> In any case, thanks a zillion; I think I can begin to move forward to
> the next roadblock.

Glad if I could have helped.

Attila.

> danx
> dro
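A worked version of the whitelist approach the thread settles on (call initStandardObjects(), then delete every top-level name that is not a standard ECMAScript global), as an added example that is not part of the original thread or of the Rhino project's own code. It assumes Rhino's public API (Context.enter/exit, Context.initStandardObjects, ScriptableObject.getAllIds, ScriptableObject.delete, Context.evaluateString); the class name, the contents of the whitelist and the check script are this example's own choices.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import org.mozilla.javascript.Context;
import org.mozilla.javascript.ScriptableObject;

/**
 * Added example (not from the thread or the Rhino project): build a Rhino
 * scope with initStandardObjects() and then strip every global that is not
 * on an explicit whitelist, instead of blacklisting java, Packages, sun, ...
 */
public final class WhitelistedScope {

    /**
     * Standard ECMAScript (JavaScript 1.5) global objects, values and
     * functions. This is the example's own list; Rhino also defines its own
     * extras (e.g. Iterator, InternalError, JSON in later releases). Add one
     * of those only deliberately, after checking what it exposes.
     */
    private static final Set<String> STANDARD_GLOBALS = new HashSet<String>(Arrays.asList(
        "Object", "Function", "Array", "String", "Boolean", "Number", "Date",
        "RegExp", "Error", "EvalError", "RangeError", "ReferenceError",
        "SyntaxError", "TypeError", "URIError", "Math",
        "NaN", "Infinity", "undefined",
        "eval", "parseInt", "parseFloat", "isNaN", "isFinite",
        "decodeURI", "decodeURIComponent", "encodeURI", "encodeURIComponent",
        "escape", "unescape"));

    /** Creates the standard scope and deletes every top-level name not on the whitelist. */
    public static ScriptableObject createScope(Context cx) {
        ScriptableObject scope = cx.initStandardObjects();
        // getAllIds() also returns non-enumerable properties, which is where
        // the lazily created Java bridge objects (Packages, java, javax, ...)
        // live; getIds() alone would miss them.
        for (Object id : scope.getAllIds()) {
            if (id instanceof String && !STANDARD_GLOBALS.contains(id)) {
                scope.delete((String) id);
            }
        }
        return scope;
    }

    /** Returns true when the named global is no longer reachable from script code. */
    public static boolean isUnreachable(Context cx, ScriptableObject scope, String name) {
        Object result = cx.evaluateString(
            scope, "typeof " + name + " === 'undefined'", "check", 1, null);
        return Boolean.TRUE.equals(result);
    }

    public static void main(String[] args) {
        Context cx = Context.enter();
        try {
            ScriptableObject scope = createScope(cx);
            // The Java bridges are gone, so a script can no longer even name
            // java.lang.System, let alone call System.out.println.
            for (String name : new String[] {"java", "Packages", "JavaAdapter", "JavaImporter", "getClass"}) {
                System.out.println(name + " unreachable: " + isUnreachable(cx, scope, name));
            }
            // Whitelisted built-ins keep working.
            System.out.println("Math.max(1, 2) = "
                + cx.evaluateString(scope, "Math.max(1, 2)", "check", 1, null));
        } finally {
            Context.exit();
        }
    }
}
```

Run the scripts you actually intend to host against a scope built this way before relying on it: a whitelist this strict can also remove a Rhino extra the engine wants for some feature (that shows up as an error, not as a silent grant of access). The removal is what makes the stdout point moot, as Attila says: with no `java` or `Packages` binding in scope there is no path to `System.out` in the first place, independent of whether writing to it is security-checked.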
_______________________________________________
dev-tech-js-engine-rhino mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-js-engine-rhino