Posted to dev@sling.apache.org by "Lars Trieloff (JIRA)" <ji...@apache.org> on 2008/06/11 18:38:45 UTC

[jira] Updated: (SLING-524) Restrict JavaScript Engine to allow running untrusted scripts for user-driven templating

     [ https://issues.apache.org/jira/browse/SLING-524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lars Trieloff updated SLING-524:
--------------------------------

    Attachment: SLING-524.patch

The following patch implements a set of restrictions (with test cases) on recma (restricted ECMA) and resp (restricted ECMA server pages):

- maximum script runtime is 1000 ms
- maximum stack depth is 100
- no access to Packages, so effectively disabling all java capabilities

This leaves us with a very restricted environment that, to a certain degree, allows user-contributed scripts. One attack vector that I can imagine is uploading scripts with excessive parse and compile time, so that the runtime checks on denial of service attacks are not effective.


> Restrict JavaScript Engine to allow running untrusted scripts for user-driven templating
> ----------------------------------------------------------------------------------------
>
>                 Key: SLING-524
>                 URL: https://issues.apache.org/jira/browse/SLING-524
>             Project: Sling
>          Issue Type: New Feature
>          Components: Scripting
>    Affects Versions: 2.0.1
>            Reporter: Lars Trieloff
>         Attachments: SLING-524.patch
>
>
> If you want to allow users to run custom scripts inside sling, for instance to allow them to theme personal websites or blogs it is necessary to restrict the capabilities of the scripting environment so that users do not run scripts that access system files, run resource-draining scripts or harm the system in other ways.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
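The three limits listed in the comment above (1000 ms runtime, stack depth 100, no Packages/Java access), applied to a Rhino ContextFactory, as an added example that is not Sling's code and not the attached SLING-524.patch. Class names such as RestrictedScriptRunner and LimitedContextFactory, the instruction-observer threshold, and the MAX_SOURCE_CHARS cap (a partial answer to the parse-time concern raised above: it bounds how much source the parser ever sees, since the instruction observer only runs once the interpreter loop starts) are assumptions of this example. It uses only public Rhino API (org.mozilla.javascript).

```java
import org.mozilla.javascript.Callable;
import org.mozilla.javascript.ClassShutter;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.ContextFactory;
import org.mozilla.javascript.RhinoException;
import org.mozilla.javascript.Scriptable;
import org.mozilla.javascript.ScriptableObject;

/** Runs untrusted scripts under runtime, stack-depth and no-Java limits (example code, not Sling's). */
public class RestrictedScriptRunner {

    // Limits from the comment above. MAX_SOURCE_CHARS and INSTRUCTION_THRESHOLD are assumed here.
    static final long MAX_RUNTIME_MS = 1000;
    static final int MAX_STACK_DEPTH = 100;
    static final int MAX_SOURCE_CHARS = 64 * 1024;   // cap what the parser ever sees
    static final int INSTRUCTION_THRESHOLD = 10000;  // how often observeInstructionCount fires

    /** Thrown as a java.lang.Error, as in Rhino's own ContextFactory example, so script try/catch cannot swallow it. */
    static final class ScriptTimeout extends Error {
        ScriptTimeout() { super("script exceeded " + MAX_RUNTIME_MS + " ms"); }
    }

    /** Context subclass that remembers when the current top-level call started. */
    static final class LimitedContext extends Context {
        long startTime;
        LimitedContext(ContextFactory factory) { super(factory); }
    }

    static final class LimitedContextFactory extends ContextFactory {
        @Override
        protected Context makeContext() {
            LimitedContext cx = new LimitedContext(this);
            // Interpreter mode (-1) is required for the stack-depth limit and the instruction observer.
            cx.setOptimizationLevel(-1);
            cx.setMaximumInterpreterStackDepth(MAX_STACK_DEPTH);
            cx.setInstructionObserverThreshold(INSTRUCTION_THRESHOLD);
            // Deny every Java class lookup, whatever path the script takes to it.
            cx.setClassShutter(new ClassShutter() {
                public boolean visibleToScripts(String fullClassName) { return false; }
            });
            return cx;
        }

        @Override
        protected Object doTopCall(Callable callable, Context cx, Scriptable scope,
                                   Scriptable thisObj, Object[] args) {
            ((LimitedContext) cx).startTime = System.currentTimeMillis();  // clock starts per top-level call
            return super.doTopCall(callable, cx, scope, thisObj, args);
        }

        @Override
        protected void observeInstructionCount(Context cx, int instructionCount) {
            LimitedContext lcx = (LimitedContext) cx;
            if (System.currentTimeMillis() - lcx.startTime > MAX_RUNTIME_MS) {
                throw new ScriptTimeout();
            }
        }
    }

    /** Standard objects minus the Java bridge globals (Packages plus the top-level package names and getClass). */
    static Scriptable newRestrictedScope(Context cx) {
        ScriptableObject scope = cx.initStandardObjects();
        String[] javaGlobals = {"Packages", "java", "javax", "org", "com", "edu", "net",
                                "getClass", "JavaAdapter", "JavaImporter"};
        for (String name : javaGlobals) {
            ScriptableObject.deleteProperty(scope, name);  // the ClassShutter is the backstop if any survive
        }
        return scope;
    }

    /** Compiles and runs one untrusted script under the limits; returns the result as a string. */
    static String run(String source) {
        if (source.length() > MAX_SOURCE_CHARS) {
            throw new IllegalArgumentException("script too large to parse");  // assumed parse-size guard
        }
        ContextFactory factory = new LimitedContextFactory();
        Context cx = factory.enterContext();
        try {
            Scriptable scope = newRestrictedScope(cx);
            Object result = cx.evaluateString(scope, source, "untrusted", 1, null);
            return Context.toString(result);
        } finally {
            Context.exit();
        }
    }

    public static void main(String[] args) {
        // Constructed samples: one benign script and one probe per restriction.
        String[][] samples = {
            {"benign",   "var s = 0; for (var i = 0; i < 10; i++) s += i; s"},
            {"runtime",  "while (true) {}"},
            {"stack",    "function f(n) { return f(n + 1); } f(0)"},
            {"java",     "java.lang.System.getProperty('user.home')"},
            {"packages", "Packages.java.io.File"},
        };
        for (String[] s : samples) {
            try {
                System.out.println(s[0] + ": ok -> " + run(s[1]));
            } catch (ScriptTimeout e) {
                System.out.println(s[0] + ": rejected (" + e.getMessage() + ")");
            } catch (RhinoException e) {
                System.out.println(s[0] + ": rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Two points worth checking against the real patch: the runtime limit is wall-clock from the start of the top-level call and is only checked every INSTRUCTION_THRESHOLD interpreted instructions, so a single long-running native call (a large String.replace, say) is not interrupted mid-way; and deleting only Packages from the scope is not enough on its own, because Rhino also exposes java, javax, org and the other top-level package names as globals, which is why the ClassShutter denies all class resolution regardless of how the script reaches it.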