You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@groovy.apache.org by Radoslav Ivanov <ri...@avoka.com> on 2017/03/29 01:47:11 UTC

Security: disable process groovy methods

Hi guys

In context of secure groovy runtime, is there a way (like SecureCustomizer) to forbid/disable process groovy methods?, e.g.:
'kill -9 1234'.execute()

Also have you planned on implementing a switch to disable them?

Regards
Rado

Re: Security: disable process groovy methods

Posted by Jochen Theodorou <bl...@gmx.org>.

On 29.03.2017 03:47, Radoslav Ivanov wrote:
> Hi guys
>
> In context of secure groovy runtime, is there a way (like
> SecureCustomizer) to forbid/disable process groovy methods?, e.g.:
>
> kill -9 1234.execute()
>
> Also have you planned on implementing a switch to disable them?

using a security manager you can give the runtime no rights for to 
execute files. See 
https://docs.oracle.com/javase/8/docs/api/java/lang/SecurityManager.html#checkExec-java.lang.String-

bye Jochen

Re: Security: disable process groovy methods

Posted by Jochen Theodorou <bl...@gmx.org>.

On 29.03.2017 03:47, Radoslav Ivanov wrote:
> Hi guys
>
> In context of secure groovy runtime, is there a way (like
> SecureCustomizer) to forbid/disable process groovy methods?, e.g.:
>
> kill -9 1234.execute()
>
> Also have you planned on implementing a switch to disable them?

using a security manager you can give the runtime no rights for to 
execute files. See 
https://docs.oracle.com/javase/8/docs/api/java/lang/SecurityManager.html#checkExec-java.lang.String-

bye Jochen