Posted to dev@river.apache.org by Peter Firmstone <ji...@zeus.net.au> on 2013/05/04 03:21:02 UTC
Trusted computing base and reflective proxy message passing.
This article demonstrates a way we can avoid serialization security
vulnerabilities.
http://www.ibm.com/developerworks/library/se-lookahead/index.html
I propose we make a list of safe classes for Serializable objects to
limit the scope of classes an attacker can use.
If we allow all local interface classes, this will enable reflective
proxies to be used for message passing by untrusted parties.
So for users we could create two new constraints:
1. TrustedObjectsConstraint - limiting serialization to trusted Java
platform and Jini platform objects (limited by a pre-audited list
of classes), and no codebase downloads, reflective proxy only.
2. InputStreamConstraint - to limit the bytes possible to be
transferred via an InputStream used during unmarshalling.
Interested?
Regards,
Peter.
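As an added illustration (not code from this post or from River), a sketch of both proposed constraints in plain Java: a look-ahead ObjectInputStream that checks each incoming class descriptor against an audited allow-list before any object is instantiated, layered over a byte-budgeted input stream. The class names and the contents of the allow-list are assumptions made for the demo.

```java
import java.io.*;
import java.util.*;
// Hypothetical demo class, not River/Jini code.
public final class LookAheadDemo {
    // Audited allow-list (constructed); every class descriptor in the stream must be listed.
    static final Set<String> SAFE = Set.of("java.lang.String", "java.util.ArrayList");
    // Byte budget on the underlying stream: the InputStreamConstraint idea.
    static final class LimitedInputStream extends FilterInputStream {
        private long remaining;
        LimitedInputStream(InputStream in, long limit) { super(in); remaining = limit; }
        @Override public int read() throws IOException {
            if (remaining <= 0) throw new IOException("byte limit exceeded");
            int b = in.read();
            if (b >= 0) remaining--;
            return b;
        }
        @Override public int read(byte[] buf, int off, int len) throws IOException {
            if (remaining <= 0) throw new IOException("byte limit exceeded");
            int n = in.read(buf, off, (int) Math.min(len, remaining));
            if (n > 0) remaining -= n;
            return n;
        }
    }
    // Look-ahead check: resolveClass runs before any instance exists, so an unlisted
    // class is rejected before its readObject or constructors can run.
    static final class SafeObjectInputStream extends ObjectInputStream {
        SafeObjectInputStream(InputStream in, long limit) throws IOException { super(new LimitedInputStream(in, limit)); }
        @Override protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
            if (!SAFE.contains(desc.getName()))
                throw new InvalidClassException(desc.getName(), "not on trusted class list");
            return super.resolveClass(desc);
        }
    }
    static byte[] marshal(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }
    static Object unmarshal(byte[] data, long limit) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new SafeObjectInputStream(new ByteArrayInputStream(data), limit)) { return in.readObject(); }
    }
    public static void main(String[] args) throws Exception {
        List<String> ok = new ArrayList<>(List.of("lookup", "register"));
        System.out.println("accepted: " + unmarshal(marshal(ok), 4096));
        try { unmarshal(marshal(new HashMap<>()), 4096); }   // HashMap is not listed
        catch (InvalidClassException e) { System.out.println("rejected: " + e.classname); }
        try { unmarshal(marshal(ok), 16); }                   // exceeds the byte budget
        catch (IOException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Since Java 9, ObjectInputStream.setObjectInputFilter (JEP 290) offers the same look-ahead hook, including depth and byte limits, without subclassing.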