Posted to dev@river.apache.org by Peter Firmstone <ji...@zeus.net.au> on 2013/05/04 03:21:02 UTC

Trusted computing base and reflective proxy message passing.

This article demonstrates a way we can avoid serialization security 
vulnerabilities.

http://www.ibm.com/developerworks/library/se-lookahead/index.html

I propose we make a list of safe classes for Serializable objects to 
limit the scope of classes an attacker can use.

If we allow all local interface classes, this will enable reflective 
proxies to be used for message passing by untrusted parties.

So for users we could create two new constraints:

   1. TrustedObjectsConstraint - limiting serialization to trusted java
      platform and jini platform objects (limited by a pre audited list
      of classes), and no codebase downloads, reflective proxy only.
   2. InputStreamConstraint - to limit the bytes possible to be
      transferred via an InputStream used during unmarshalling.


Interested?

Regards,

Peter.
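The two ideas in the post, a pre-audited class list checked before any class is loaded (the look-ahead technique from the linked article) and a cap on the bytes an unmarshalling InputStream may consume, can be shown together in a small Java example. This is an added illustration, not code from Apache River or from the post; the class names SafeObjectInputStream and LimitedInputStream, the trusted set used in main, and the byte limits are all assumptions chosen for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/**
 * Hypothetical look-ahead deserializer (not River's code): every class
 * descriptor is checked against a trusted list before the class is resolved,
 * so an untrusted class is never loaded or instantiated.
 */
public final class SafeObjectInputStream extends ObjectInputStream {
    private final Set<String> trusted;

    public SafeObjectInputStream(InputStream in, Set<String> trusted) throws IOException {
        super(in);
        this.trusted = trusted;
    }

    // Called for every class descriptor in the stream, including superclass
    // descriptors (e.g. java.lang.Number for an Integer) and array classes.
    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
        String name = desc.getName();
        if (!trusted.contains(name)) {
            throw new InvalidClassException(name, "class not on the trusted list");
        }
        return super.resolveClass(desc);
    }

    // Reflective (java.lang.reflect.Proxy) objects are allowed only when every
    // interface they implement is itself on the trusted list.
    @Override
    protected Class<?> resolveProxyClass(String[] interfaces) throws IOException, ClassNotFoundException {
        for (String iface : interfaces) {
            if (!trusted.contains(iface)) {
                throw new InvalidClassException(iface, "proxy interface not on the trusted list");
            }
        }
        return super.resolveProxyClass(interfaces);
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    static Object deserialize(byte[] bytes, Set<String> trusted, long maxBytes)
            throws IOException, ClassNotFoundException {
        InputStream in = new LimitedInputStream(new ByteArrayInputStream(bytes), maxBytes);
        try (ObjectInputStream ois = new SafeObjectInputStream(in, trusted)) {
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed trusted list: just enough to unmarshal an Integer.
        Set<String> trusted = new HashSet<>(Arrays.asList("java.lang.Integer", "java.lang.Number"));
        byte[] okBytes = serialize(Integer.valueOf(42));
        byte[] badBytes = serialize(new java.util.Date());

        System.out.println("accepted: " + deserialize(okBytes, trusted, 1024));
        try {
            deserialize(badBytes, trusted, 1024);
        } catch (InvalidClassException e) {
            System.out.println("rejected (class list): " + e.getMessage());
        }
        try {
            deserialize(okBytes, trusted, 8);
        } catch (IOException e) {
            System.out.println("rejected (byte limit): " + e.getMessage());
        }
    }
}

/** Hypothetical stream wrapper enforcing the per-unmarshal byte budget. */
final class LimitedInputStream extends FilterInputStream {
    private long remaining;

    LimitedInputStream(InputStream in, long limit) {
        super(in);
        this.remaining = limit;
    }

    @Override
    public int read() throws IOException {
        if (remaining <= 0) throw new IOException("unmarshalling byte limit exceeded");
        int b = super.read();
        if (b >= 0) remaining--;
        return b;
    }

    @Override
    public int read(byte[] buf, int off, int len) throws IOException {
        if (len == 0) return 0;
        if (remaining <= 0) throw new IOException("unmarshalling byte limit exceeded");
        int n = super.read(buf, off, (int) Math.min(len, remaining));
        if (n > 0) remaining -= n;
        return n;
    }
}
```

Two practical notes: the trusted list must name every descriptor the stream will present, including superclasses and array types such as "[B", or legitimate objects will be rejected; and on JDK 9 and later (backported to 8u121) the same allow-list check is available without subclassing through java.io.ObjectInputFilter, which also lets you bound array sizes, graph depth and total references.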