costin      01/08/20 22:10:38

  Modified:    src/share/org/apache/tomcat/modules/config PolicyLoader.java
                        PolicyInterceptor.java
  Log:
  Fixes in sandboxing.
  
  Add a message advising to set -Djava.security.policy. On some VMs it is possible
  to set it later, but in some it isn't - the right way to run the sandbox is to
  make sure a policy is defined.
  
  PolicyInterceptor will enable the sandbox - it is not required if you embed
  tomcat and have a different mechanism to set sandboxing. As with other modules,
  it just provide a default and/or template for more advanced modules.
  
  Also added a Policy.refresh(), few more log statements.
  
  Updated the default permissions to include read for lib/common and read/apps
  ( but not read/container, of course ).
  
  Added "getClassLoader" permission by default, it's needed by jaxp, jaxm, etc.
  
  Added a "sandbox" option on PolicyLoader to force the use of the sandbox,
  the default is to use it only if a "sandbox" property is set on context manager.
  
  Revision  Changes    Path
  1.2       +15 -4     
jakarta-tomcat/src/share/org/apache/tomcat/modules/config/PolicyLoader.java
  
  Index: PolicyLoader.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/config/PolicyLoader.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- PolicyLoader.java 2001/01/25 05:07:37     1.1
  +++ PolicyLoader.java 2001/08/21 05:10:38     1.2
  @@ -83,6 +83,7 @@
   public class PolicyLoader extends BaseInterceptor {
       String securityManagerClass="java.lang.SecurityManager";
       String policyFile=null;
  +    boolean sandbox=false;
       
       public PolicyLoader() {
       }
  @@ -103,6 +104,13 @@
        policyFile=pf;
       }
   
  +    /** Enable/disable the module, independent of command line
  +     options
  +    */
  +    public void setSandbox( boolean b ) {
  +     this.sandbox=b;
  +    }
  +    
       static Jdk11Compat jdk11Compat=Jdk11Compat.getJdkCompat();
       
       public void addInterceptor(ContextManager cm, Context ctx,
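Review bot: The Javadoc on `setSandbox` says it enables or disables the module, but in `addInterceptor` the flag is only OR-ed with `System.getSecurityManager() != null` and `cm.getProperty("sandbox") != null`, so `setSandbox(false)` cannot turn the sandbox off. I would word it as `/** Force loading of the sandbox module even when no security manager or "sandbox" property is set; false leaves the decision to those checks. */`. The new `sandbox` field could also be declared `private`, since only the setter and `addInterceptor` need it in the lines shown.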
  @@ -113,12 +121,15 @@
   
        if( ! jdk11Compat.isJava2() )
            return;
  -     
  +
  +     if( debug > 0 )
  +         log("Checking for security manager " + cm.getProperty( "sandbox" ));
        // find if PolicyInterceptor has already been loaded
  -     if( System.getSecurityManager() != null ||
  +     if( sandbox ||
  +         System.getSecurityManager() != null ||
            cm.getProperty("sandbox") != null )
            {
  -         log("Found security manager ");
  +         log("Loading sandbox ");
            try {
                Class c=Class.
                forName( "org.apache.tomcat.modules.config.PolicyInterceptor" );
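Review bot: With the new `sandbox` option an operator can explicitly ask for the sandbox, yet the `if( ! jdk11Compat.isJava2() ) return;` just above the new check still returns silently, so a forced sandbox can be skipped without any trace in the log. An unconditional message before that return when `sandbox` is true or the property is set, e.g. `log("Sandbox requested but not available on this VM");`, would make that fail-open case visible. The try block and its catch clauses continue outside this hunk, so I cannot see whether a failed load of PolicyInterceptor is equally quiet; if it is, the same applies there.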
  @@ -126,7 +137,7 @@
                PolicyLoader policyModule=(PolicyLoader)c.newInstance();
                policyModule.setSecurityManagerClass( securityManagerClass);
                policyModule.setPolicyFile( policyFile );
  -
  +             policyModule.setDebug( debug );
                cm.addInterceptor( policyModule );
   
                // we could also remove PolicyLoader, since it's no longer
  
  
  
  1.11      +39 -14    
jakarta-tomcat/src/share/org/apache/tomcat/modules/config/PolicyInterceptor.java
  
  Index: PolicyInterceptor.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/config/PolicyInterceptor.java,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- PolicyInterceptor.java    2001/08/12 02:12:20     1.10
  +++ PolicyInterceptor.java    2001/08/21 05:10:38     1.11
  @@ -94,12 +94,21 @@
        policyFile=pf;
       }
   
  +    public void addInterceptor(ContextManager cm, Context ctx,
  +                            BaseInterceptor module)
  +     throws TomcatException
  +    {
  +     // Just override parent 
  +    }
  +
       /** Set the security manager, so that policy will be used
        */
       public void engineInit(ContextManager cm) throws TomcatException {
        if( System.getSecurityManager() != null ) return;
        try {
            if( null == System.getProperty("java.security.policy")) {
  +             log( "Setting java.security.policy. This may fail on some VMs, please"
  +                  + " set it as a system property before starting tomcat");
                File f=null;
                if( policyFile==null ) {
                    policyFile="conf/tomcat.policy";
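Review bot: The comment `// Just override parent` on the empty `addInterceptor` does not say why the override must do nothing. Judging from the cast to PolicyLoader in the other file, this class appears to extend PolicyLoader, whose `addInterceptor` loads and registers a PolicyInterceptor. If that is right, the comment should say so, e.g. `// No-op: the inherited PolicyLoader.addInterceptor would try to load the sandbox module again`. The body of engineInit continues outside this hunk.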
  @@ -113,15 +122,19 @@
                try {
                    policyFile=f.getCanonicalPath();
                } catch(IOException ex ) {}
  -             log("Setting policy file to " + policyFile);
  -             System.setProperty("java.security.policy",
  -                                policyFile);
  +
  +             if( debug > 0 )
  +                 log("Setting policy file to " + policyFile +
  +                     " tomcat.home= " + System.getProperty( "tomcat.home") );
  +
  +             System.setProperty("java.security.policy",  policyFile);
                
            }
  +         
            Class c=Class.forName(securityManagerClass);
            Object o=c.newInstance();
  +         Policy.getPolicy().refresh();
            System.setSecurityManager((SecurityManager)o);
  -
            log("Security Manager set to " + securityManagerClass +
                " " + System.getProperty("java.security.policy"));
        } catch( ClassNotFoundException ex ) {
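Review bot: `Policy.getPolicy().refresh()` is added without a comment, and its position matters. It has to run after `java.security.policy` is set and before `System.setSecurityManager`, because once a manager is installed `Policy.getPolicy()` is subject to a permission check. A one-line comment such as `// re-read the policy now that java.security.policy is set; must run before the security manager is installed` would keep a later edit from reordering these lines. engineInit starts and ends outside this hunk.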
  @@ -140,6 +153,7 @@
                                          Permissions p )
       {
        if( context.isTrusted() ) {
  +         if( debug > 0 ) log( "All permissions for " + context );
            AllPermission aP=new AllPermission();
            p.add( aP );
            return;
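Review bot: Granting `AllPermission` to a trusted context is the most security-relevant decision in this method, but the new message is only emitted when `debug > 0`. I would log it unconditionally, `log( "All permissions for " + context );`, so that the startup log always shows which contexts run outside the sandbox. The enclosing method starts before this hunk and continues after it.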
  @@ -151,8 +165,7 @@
        p.add(fp);
   
        // Add default write "-" FilePermission for docBase 
  -     fp = new FilePermission(base + File.separator + "-",
  -                             "write");
  +     fp = new FilePermission(base + File.separator + "-", "write");
        p.add(fp);
        fp = new FilePermission(context.getWorkDir() + File.separator + "-",
                                "read");
  @@ -160,21 +173,33 @@
        fp = new FilePermission(context.getWorkDir() + File.separator + "-",
                                "write");
        p.add(fp);
  +
  +     // Read on the common and apps dir
  +     fp = new FilePermission(cm.getInstallDir() + File.separator +
  +                             "lib" + File.separator + "common" +
  +                             File.separator + "-",
  +                             "read");
  +     p.add(fp);
  +     fp = new FilePermission(cm.getInstallDir() + File.separator +
  +                             "lib" + File.separator + "apps" +
  +                             File.separator + "-",
  +                             "read");
  +     p.add(fp);
  +     
  +     RuntimePermission rp = new RuntimePermission("getClassLoader");
  +     p.add( rp );
        
        // JspFactory.getPageContext() runs in JSP Context and needs the below
        // permission during the init of a servlet generated from a JSP.
        PropertyPermission pp = new PropertyPermission("line.separator","read");
  -     if( pp != null )
  -         p.add((Permission)pp);
  +     p.add(pp);
        pp = new PropertyPermission("file.separator", "read");
  -     if( pp != null )
  -         p.add((Permission)pp);
  +     p.add(pp);
        pp = new PropertyPermission("path.separator", "read");
  -     if( pp != null )
  -         p.add((Permission)pp);
  +     p.add(pp);
   
  -     if( debug > 0 || ctx.getDebug() > 0 )
  -         ctx.log("Permissions " + p );
  +     if( debug > 0 || context.getDebug() > 0 )
  +         context.log( "permissions " + p );
            
       }
       
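Review bot: `RuntimePermission("getClassLoader")` is now granted to every untrusted context with no comment, while the neighbouring property permissions explain why they are needed. Since this permission lets web application code obtain class loaders other than its own, the reason from the commit log belongs next to it, e.g. `// needed by jaxp, jaxm; lets webapp code obtain class loaders other than its own`. It would also be worth considering whether it can be limited to the contexts that need it. The new FilePermission lines build their paths from `cm.getInstallDir()`; the method signature is outside the hunk, so I cannot confirm that `cm` is in scope or that the install dir is non-null here.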
  
  
  
