You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@groovy.apache.org by Radoslav Ivanov <ri...@avoka.com> on 2017/03/29 01:47:11 UTC
Security: disable process groovy methods
Hi guys
In context of secure groovy runtime, is there a way (like SecureCustomizer) to forbid/disable process groovy methods?, e.g.:
'kill -9 1234'.execute()
Also have you planned on implementing a switch to disable them?
Regards
Rado
Re: Security: disable process groovy methods
Posted by Jochen Theodorou <bl...@gmx.org>.
On 29.03.2017 03:47, Radoslav Ivanov wrote:
> Hi guys
>
> In context of secure groovy runtime, is there a way (like
> SecureCustomizer) to forbid/disable process groovy methods?, e.g.:
>
> kill -9 1234.execute()
>
> Also have you planned on implementing a switch to disable them?
using a security manager you can give the runtime no rights for to
execute files. See
https://docs.oracle.com/javase/8/docs/api/java/lang/SecurityManager.html#checkExec-java.lang.String-
bye Jochen
Re: Security: disable process groovy methods
Posted by Jochen Theodorou <bl...@gmx.org>.
On 29.03.2017 03:47, Radoslav Ivanov wrote:
> Hi guys
>
> In context of secure groovy runtime, is there a way (like
> SecureCustomizer) to forbid/disable process groovy methods?, e.g.:
>
> kill -9 1234.execute()
>
> Also have you planned on implementing a switch to disable them?
using a security manager you can give the runtime no rights for to
execute files. See
https://docs.oracle.com/javase/8/docs/api/java/lang/SecurityManager.html#checkExec-java.lang.String-
bye Jochen