costin 01/08/20 22:10:38 Modified: src/share/org/apache/tomcat/modules/config PolicyLoader.java PolicyInterceptor.java Log: Fixes in sandboxing. Add a message advising to set -Djava.security.policy. On some VMs it is possible to set it later, but in some it isn't - the right way to run the sandbox is to make sure a policy is defined. PolicyInterceptor will enable the sandbox - it is not required if you embed tomcat and have a different mechanism to set sandboxing. As with other modules, it just provide a default and/or template for more advanced modules. Also added a Policy.refresh(), few more log statements. Updated the default permissions to include read for lib/common and read/apps ( but not read/container, of course ). Added "getClassLoader" permission by default, it's needed by jaxp, jaxm, etc. Added a "sandbox" option on PolicyLoader to force the use of the sandbox, the default is to use it only if a "sandbox" property is set on context manger. Revision Changes Path 1.2 +15 -4 jakarta-tomcat/src/share/org/apache/tomcat/modules/config/PolicyLoader.java Index: PolicyLoader.java =================================================================== RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/config/PolicyLoader.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- PolicyLoader.java 2001/01/25 05:07:37 1.1 +++ PolicyLoader.java 2001/08/21 05:10:38 1.2 @@ -83,6 +83,7 @@ public class PolicyLoader extends BaseInterceptor { String securityManagerClass="java.lang.SecurityManager"; String policyFile=null; + boolean sandbox=false; public PolicyLoader() { } @@ -103,6 +104,13 @@ policyFile=pf; } + /** Enable/disable the module, independent of command line + options + */ + public void setSandbox( boolean b ) { + this.sandbox=b; + } + static Jdk11Compat jdk11Compat=Jdk11Compat.getJdkCompat(); public void addInterceptor(ContextManager cm, Context ctx, 
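Review bot: The Javadoc on the new `setSandbox` says "Enable/disable the module", but the flag can only force the sandbox on: in the `addInterceptor` check (next hunk) it is OR-ed with the existing `System.getSecurityManager() != null` and `cm.getProperty("sandbox") != null` tests, so `false` leaves the default detection in place rather than disabling anything. An operator reading the setter could believe `sandbox=false` turns the security manager off, which matters for a security control. I would reword it as `/** Force loading of the sandbox even when no SecurityManager is installed and no "sandbox" property is set; false keeps the default detection and does not disable the sandbox. */`. The `addInterceptor` declaration at the end of this hunk continues outside it.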
@@ -113,12 +121,15 @@ if( ! jdk11Compat.isJava2() ) return; - + + if( debug > 0 ) + log("Checking for security manager " + cm.getProperty( "sandbox" )); // find if PolicyInterceptor has already been loaded - if( System.getSecurityManager() != null || + if( sandbox || + System.getSecurityManager() != null || cm.getProperty("sandbox") != null ) { - log("Found security manager "); + log("Loading sandbox "); try { Class c=Class. forName( "org.apache.tomcat.modules.config.PolicyInterceptor" ); @@ -126,7 +137,7 @@ PolicyLoader policyModule=(PolicyLoader)c.newInstance(); policyModule.setSecurityManagerClass( securityManagerClass); policyModule.setPolicyFile( policyFile ); - + policyModule.setDebug( debug ); cm.addInterceptor( policyModule ); // we could also remove PolicyLoader, since it's no longer 1.11 +39 -14 jakarta-tomcat/src/share/org/apache/tomcat/modules/config/PolicyInterceptor.java Index: PolicyInterceptor.java =================================================================== RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/config/PolicyInterceptor.java,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- PolicyInterceptor.java 2001/08/12 02:12:20 1.10 +++ PolicyInterceptor.java 2001/08/21 05:10:38 1.11 @@ -94,12 +94,21 @@ policyFile=pf; } + public void addInterceptor(ContextManager cm, Context ctx, + BaseInterceptor module) + throws TomcatException + { + // Just override parent + } + /** Set the security manager, so that policy will be used */ public void engineInit(ContextManager cm) throws TomcatException { if( System.getSecurityManager() != null ) return; try { if( null == System.getProperty("java.security.policy")) { + log( "Setting java.security.policy. This may fail on some VMs, please" + + " set it as a system property before starting tomcat"); File f=null; if( policyFile==null ) { policyFile="conf/tomcat.policy"; 
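Review bot: The retained comment `// find if PolicyInterceptor has already been loaded` no longer describes the condition below it, which now decides whether to load the sandbox at all from three sources: the new `sandbox` flag, an already-installed SecurityManager, and the mere presence of a `"sandbox"` context-manager property. Note that `cm.getProperty("sandbox") != null` treats any value, including `"false"`, as enabling, so the comment should say so rather than leave a reader to assume boolean parsing. I would replace it with `// Load the sandbox when forced via setSandbox(), when a SecurityManager is already installed, or when a "sandbox" property exists on the context manager (any value, including "false", enables it).` The `addInterceptor` method this hunk belongs to starts outside the hunk.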
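Review bot: With the early `if( System.getSecurityManager() != null ) return;` in `engineInit`, a `policyFile` configured through `setPolicyFile` is silently ignored whenever an embedder has already installed a security manager, and the new "Setting java.security.policy" advisory only fires on the other path, so an operator gets no hint why the configured policy is not in effect. I would make the early return log, e.g. `if( System.getSecurityManager() != null ) { log("SecurityManager already installed, leaving policy unchanged"); return; }`. Separately, the empty `addInterceptor` override is commented only as `// Just override parent`; since PolicyInterceptor is instantiated as a `PolicyLoader` in the previous hunk, the override presumably stops the interceptor from inheriting PolicyLoader's behaviour and loading a second copy of itself — `// Override PolicyLoader.addInterceptor so this instance does not load another PolicyInterceptor.` would record that. `engineInit`'s body continues into the next hunk.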
@@ -113,15 +122,19 @@ try { policyFile=f.getCanonicalPath(); } catch(IOException ex ) {} - log("Setting policy file to " + policyFile); - System.setProperty("java.security.policy", - policyFile); + + if( debug > 0 ) + log("Setting policy file to " + policyFile + + " tomcat.home= " + System.getProperty( "tomcat.home") ); + + System.setProperty("java.security.policy", policyFile); } + Class c=Class.forName(securityManagerClass); Object o=c.newInstance(); + Policy.getPolicy().refresh(); System.setSecurityManager((SecurityManager)o); - log("Security Manager set to " + securityManagerClass + " " + System.getProperty("java.security.policy")); } catch( ClassNotFoundException ex ) { @@ -140,6 +153,7 @@ Permissions p ) { if( context.isTrusted() ) { + if( debug > 0 ) log( "All permissions for " + context ); AllPermission aP=new AllPermission(); p.add( aP ); return; @@ -151,8 +165,7 @@ p.add(fp); // Add default write "-" FilePermission for docBase - fp = new FilePermission(base + File.separator + "-", - "write"); + fp = new FilePermission(base + File.separator + "-", "write"); p.add(fp); fp = new FilePermission(context.getWorkDir() + File.separator + "-", "read"); 
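Review bot: This hunk removes the unconditional `log("Security Manager set to " ...)` that followed `System.setSecurityManager(...)`, and the only replacement is the `if( debug > 0 )` policy-file log emitted before the manager is installed; installing a SecurityManager and the policy that governs it is a security-relevant event that should be recorded at the default log level and after it succeeds. I would re-add, right after `System.setSecurityManager((SecurityManager)o);`, the line `log("Security Manager set to " + securityManagerClass + " policy=" + System.getProperty("java.security.policy"));`. One caveat worth a comment near `System.setProperty("java.security.policy", policyFile)`: with a single `=` the file is, as far as I recall, added to the JRE's default policy rather than replacing it, so the effective grants are the union of both; if replacement is intended the advisory message in the previous hunk should tell operators to pass `-Djava.security.policy==file`. The enclosing `try` and `engineInit` start outside this hunk.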
@@ -160,21 +173,33 @@ fp = new FilePermission(context.getWorkDir() + File.separator + "-", "write"); p.add(fp); + + // Read on the common and apps dir + fp = new FilePermission(cm.getInstallDir() + File.separator + + "lib" + File.separator + "common" + + File.separator + "-", + "read"); + p.add(fp); + fp = new FilePermission(cm.getInstallDir() + File.separator + + "lib" + File.separator + "apps" + + File.separator + "-", + "read"); + p.add(fp); + + RuntimePermission rp = new RuntimePermission("getClassLoader"); + p.add( rp ); // JspFactory.getPageContext() runs in JSP Context and needs the below // permission during the init of a servlet generated from a JSP. PropertyPermission pp = new PropertyPermission("line.separator","read"); - if( pp != null ) - p.add((Permission)pp); + p.add(pp); pp = new PropertyPermission("file.separator", "read"); - if( pp != null ) - p.add((Permission)pp); + p.add(pp); pp = new PropertyPermission("path.separator", "read"); - if( pp != null ) - p.add((Permission)pp); + p.add(pp); - if( debug > 0 || ctx.getDebug() > 0 ) - ctx.log("Permissions " + p ); + if( debug > 0 || context.getDebug() > 0 ) + context.log( "permissions " + p ); }
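Review bot: The new `RuntimePermission("getClassLoader")` is granted to every untrusted context by default with no comment, yet it widens the sandbox noticeably: it lets webapp code obtain the container's class loaders and reach classes they can load, and together with the new read grants on `lib/common` and `lib/apps` it is the kind of default a policy reviewer will question. I would annotate the line: `// Needed by jaxp/jaxm; lets webapps obtain container class loaders, so keep it scoped and revisit if trusted contexts become the norm.` Also, the two new FilePermissions build their paths from `cm.getInstallDir()` with plain concatenation; if that accessor can return null the grant becomes a relative `null/lib/common/-` under the working directory rather than failing, so a guard such as `String install = cm.getInstallDir(); if( install == null ) throw new IllegalStateException("install dir not set");` before the grants seems worthwhile — confirm whether the accessor can be null. The method this hunk closes starts outside the hunk.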