Re: [equinox-dev] Enabling security in Equinox
On Oct 30, 2009, at 1:31 , tom@oracle.com tom@oracle.com wrote: Hi all, I now realized that I need to provide system permissions for the Conditional Permission Admin service in order to secure behaviors of some installed bundles. Please confirm my understanding: 1. The example showed in the PDF seem to suggest achieving this using privileged bundle to assign restricted permission objects for the new bundles. 2. #1 approach needs to be done programmatcally? Yes, in various places in the OSGi specification, a bundle called the management agent is mentioned. This bundle has a couple of responsibilities (scattered throughout the spec) and one of them is to setup and maintain security policies. 3. Is there a way to achieve the restriction of bundles coming from known location A to have a limited set of permissions with a configuration file like custo_java.policy? Not that I know of, you'd have to do that programmatically. Greetings, Marcel ___ equinox-dev mailing list equinox-dev@eclipse.org https://dev.eclipse.org/mailman/listinfo/equinox-dev
Re: [equinox-dev] Enabling security in Equinox
On Oct 30, 2009, at 8:53 , David Conde wrote: IF you do not want to do it programatically, you should use Local Permission which are defined in permissions.perm file. I think this restriction in Conditional Permission is because of security matters. Local permissions only allow a bundle to declare to the framework the permissions it wants. The framework then makes sure it will never get more than that (but maybe less). This is a good way to prevent having to audit third party bundles/code before accepting it, but I don't think it's a solution to prevent having to setup security. Greetings, Marcel ___ equinox-dev mailing list equinox-dev@eclipse.org https://dev.eclipse.org/mailman/listinfo/equinox-dev
[equinox-dev] Support for launching with just (Conditional) Permission Admin?
The OSGi security model started out with the Permission Admin service. Lateron, the Conditional Permission Admin was added. Frameworks are allowed to publish: - none of these services (the default, no security is active); - just Permission Admin (the older model); - just Conditional Permission Admin (encouraged, the new way to do it); - both Permission Admin and Conditional Permission Admin (most compatible option, with some special restrictions). My question: I can run both without and with both services published, but does equinox also allow me to run with just PermissionAdmin or ConditionalPermissionAdmin? If so, how? ___ equinox-dev mailing list equinox-dev@eclipse.org https://dev.eclipse.org/mailman/listinfo/equinox-dev
Re: [equinox-dev] Signed bundles
Hello Thomas, I'm trying your suggestions: java -Dosgi.signedcontent.support=true -Djava.security.policy= -jar org.eclipse.osgi_3.4.0.v20071207.jar -console From what I understand that should give me a framework with security and signed bundle support, but when I try that and type services from the equinox console, I don't get a (Conditional)PermissionAdmin service. Greetings, Marcel On Feb 6, 2008, at 15:43 , Thomas Watson wrote: The option to enable signed bundles in 3.3 is osgi.support.signature.verify (notice support and signature are reversed). In 3.4 we are introducing a more general option called osgi.signedcontent.support which does not have simple true|false options, but we will continue to recognize the old 3.3. option. Matt is documenting the security options in https://bugs.eclipse.org/bugs/show_bug.cgi?id=217765 The internal security manager class is needed to fully support postponed conditions in ConditionalPermissionAdmin. If postponed conditions are not needed then simply enabling the security manager with -Djava.security.policy= will enable the built-in security manager which will satisfy most needs. There is an option called eclipse.security. This option is used by the launcher jar to setup a policy to grant the framework and the launcher AllPermissions and specify the security manager to use. Unfortunately this still requires a reference to an internal class if you want to load a security manager to support postponed conditions. I've opened a bug to investigate making this easier. Perhaps eclipse.security manager can have a value that indicates the framework should load its internal security manager. See https://bugs.eclipse.org/bugs/show_bug.cgi?id=218001 . Tom graycol.gifJeff McAffer ---02/06/2008 07:47:10 AM---Marcel Offermans wrote: ecblank.gif From: ecblank.gif Jeff McAffer [EMAIL PROTECTED] ecblank.gif To: ecblank.gif Equinox development mailing list equinox-dev@eclipse.org ecblank.gif Date: ecblank.gif 02/06/2008 07:47 AM ecblank.gif Subject:ecblank.gif Re: [equinox-dev] Signed bundles Marcel Offermans wrote: So, reiterating, if I want to run Equinox with OSGi security enabled and have it use my own keystore, I have to start it like this (formatted a bit for clarity, but typed as one big line): java - Djava .security .manager =org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager -Djava.security.policy=policy -Dosgi.framework.keystore=keystore -Dosgi.signature.support.verify=true -jar org.eclipse.osgi_3.4.0.v20071207.jar -console -consoleLog Basically, I'm asking how Equinox is being run to be compliant with OSGi security. Is the above line accurate? Seems complicated and requires people to reference internal classes etc. Could be wrong but I remember it being simipler Jeff ___ equinox-dev mailing list equinox-dev@eclipse.org https://dev.eclipse.org/mailman/listinfo/equinox-dev ___ equinox-dev mailing list equinox-dev@eclipse.org https://dev.eclipse.org/mailman/listinfo/equinox-dev ___ equinox-dev mailing list equinox-dev@eclipse.org https://dev.eclipse.org/mailman/listinfo/equinox-dev
Re: [equinox-dev] Signed bundles
Hello Thomas, On Feb 7, 2008, at 15:18 , Thomas Watson wrote: Seem that we keep giving you the wrong options!!! :) Please try this on the latest I-Build of 3.4. The v20071207 version of org.eclipse.osgi was before we released some of the new signed bundle support. Thanks, that works fine now! Greetings, Marcel ___ equinox-dev mailing list equinox-dev@eclipse.org https://dev.eclipse.org/mailman/listinfo/equinox-dev
[equinox-dev] Signed bundles
After succeeding in getting Equinox to run with security on, I'm now experimenting with signed bundles. First I made a new keystore, using the standard java keytool, like this: keytool -genkey -alias myalias -keystore keystore I created a bundle using Eclipse's PDE, and used the Export function to create a signed bundle, pointing to my freshly created keystore, specifying the alias and password. Now my question is, how do I configure equinox to use my keystore? I want to use it in combination with PermissionAdmin and an AdminPermission that filters on the signer (using a condition like (signer=\*, o=mycompany)). All I can find is documentation on how to use the jarverifier (http://dev.eclipse.org/viewcvs/indextech.cgi/equinox-home/security/verifier.html ) which states I can use a osgi.framework.keystore property to point to my store. What I don't know is: a) do I need this jarverifier at all? I am assuming that just starting equinox with security should be enough; b) is that property also applicable if you're not using the jarverifier? c) how do I specify alias and password for the store? Any pointers to information about this would be nice too! :) Greetings, Marcel ___ equinox-dev mailing list equinox-dev@eclipse.org https://dev.eclipse.org/mailman/listinfo/equinox-dev
Re: [equinox-dev] Equinox with OSGi security?
Hello Thomas, Thanks a lot, now it works! Greetings, Marcel On Jan 24, 2008, at 19:09 , Thomas Watson wrote: The eclipse.security is only used by the org.eclipse.equinox.launcher jar. The eclipse.security option is used by the launcher bootstrap code to indicate that it should setup a policy which grants itself and the framework ALLPermissions. Then it sets the java.security.manager to the value of eclipse.security. Later when the Framework launches it actually will install the SecurityManager to enable security. When running without the launcher you need to do a bit more work to setup your policy file. You can use a very simple policy which grants AllPermissions to everything like this ... ## BEGIN POLICY FILE ## grant { permission java.security.AllPermission; }; ## END POLICY FILE ## You would then launch equinox with the following command: java - Djava .security .manager =org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager - Djava.security.policy=policy -jar org.eclipse.osgi_3.4.0.v20080107.jar -console The java.security.manager property tells the VM what security manager to load. The java.security.policy property tells the VM what policy to load to grant permissions. Note that the permissions granted to the bundles installed into the framework are controled by the PermissionAdmin and ConditionalPermissionAdmin services. By default these services will grant all bundles AllPermissions. ___ equinox-dev mailing list equinox-dev@eclipse.org https://dev.eclipse.org/mailman/listinfo/equinox-dev
[equinox-dev] Equinox with OSGi security?
I would like to run Equinox with OSGi security (PermissionAdmin, ConditionalPermissionAdmin) enabled. I read the quickstart guide here: http://www.eclipse.org/equinox/documents/quickstart.php I even found some reference to a property to set that should enable security: - Declipse .security =org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager However, if I just run the Equinox framework like described in the quickstart guide with that property, I still do not get any security related service. Am I missing some piece of documentation here? It should not be too hard to run with security, right? Greetings, Marcel ___ equinox-dev mailing list equinox-dev@eclipse.org https://dev.eclipse.org/mailman/listinfo/equinox-dev