Posted to dev@tomcat.apache.org by Jon Scott Stevens <jo...@latchkey.com> on 2003/01/27 10:10:50 UTC

Interesting

I wonder if one could use these techniques to hack a servlet engine somehow
and get from one context to another (assuming you had access to run servlets
in it... i.e. shared hosting)...

    http://www.javaspecialists.co.za/archive/Issue014.html

-jon


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


Re: Interesting

Posted by Glenn Nielsen <gl...@mail.more.net>.
Costin Manolache wrote:
> Glenn Nielsen wrote:
> 
> 
> 
>>>>Interesting - but it won't work if the security manager is enabled.
>>>>If the security manager is disabled ( as it is in 99% of the cases ) -
>>>>there is no protection at all, if you can run servlets - you can do
>>>>anything a C program can. Just load a JNI library and then control the
>>>>VM at the low level, and access/modify anything that tomcat user can.
>>>>
>>>>It may be a good idea if 5.0 would have the secure mode as default.
>>>>Users will complain their apps won't work and tomcat will be a bit
>>>>slower -  but if this raises their awareness on security and maybe they
>>>>fix some of the webapps to work in the sandbox, then it's worth it.
>>>>Restoring the current mode can be easy - like adding a "-insecure"
>>>>option or some TOMCAT_INSECURE env :-)
>>>
>>>
>>>+1  And I'm sure that for the majority of Tomcat users, the performance
>>>hit will not be so high.
>>
> 
> Read the whole message :-)
> 
> The big problem is that many webapps will just break. And people will
> have to start learning how to configure the policy. 
> 
> I do agree that it is worth it - but if we're going to do it we should
> be prepared for a _lot_ of problems.  Performance is the smallest problem
> we'll have.
> 
> 

One of the things which has been on my TODO list for a while is to
write some documentation about how to code APIs and web applications
which are SecurityManager friendly. I frequently run across code which
was written in a way which makes setting security policies difficult,
or requires granting permissions you really don't want to grant to a web
application running in a sandbox. Having a document to point users
to would help.

Glenn

----------------------------------------------------------------------
Glenn Nielsen             glenn@more.net | /* Spelin donut madder    |
MOREnet System Programming               |  * if iz ina coment.      |
Missouri Research and Education Network  |  */                       |
----------------------------------------------------------------------




Re: Interesting

Posted by Costin Manolache <cm...@yahoo.com>.
Glenn Nielsen wrote:


>>> Interesting - but it won't work if the security manager is enabled.
>>> If the security manager is disabled ( as it is in 99% of the cases ) -
>>> there is no protection at all, if you can run servlets - you can do
>>> anything a C program can. Just load a JNI library and then control the
>>> VM at the low level, and access/modify anything that tomcat user can.
>>>
>>> It may be a good idea if 5.0 would have the secure mode as default.
>>> Users will complain their apps won't work and tomcat will be a bit
>>> slower -  but if this raises their awareness on security and maybe they
>>> fix some of the webapps to work in the sandbox, then it's worth it.
>>> Restoring the current mode can be easy - like adding a "-insecure"
>>> option or some TOMCAT_INSECURE env :-)
>> 
>> 
>> +1  And I'm sure that for the majority of Tomcat users, the performance
>> hit will not be so high.

Read the whole message :-)

The big problem is that many webapps will just break. And people will
have to start learning how to configure the policy. 

I do agree that it is worth it - but if we're going to do it we should
be prepared for a _lot_ of problems.  Performance is the smallest problem
we'll have.


>>> The sandbox is IMHO the biggest benefit of Java over all other
>>> languages ( including .net - I know they have similar concept, but I
>>> don't think it matches the JVM ).
>> 
> 
> Hear, hear.  That is what got me involved with Tomcat.

Well, it is what got me involved with Java in the first place :-)

Costin




Re: Interesting

Posted by Glenn Nielsen <gl...@mail.more.net>.

Jeanfrancois Arcand wrote:
> 
> 
> Costin Manolache wrote:
> 
>> Jon Scott Stevens wrote:
>>
>>> I wonder if one could use these techniques to hack a servlet engine somehow
>>> and get from one context to another (assuming you had access to run servlets
>>> in it... i.e. shared hosting)...
>>>
>>>     http://www.javaspecialists.co.za/archive/Issue014.html
>>>
>>> -jon
>>
>>
>>
>> Interesting - but it won't work if the security manager is enabled.
>> If the security manager is disabled ( as it is in 99% of the cases ) - 
>> there is no protection at all, if you can run servlets - you can do
>> anything a C program can. Just load a JNI library and then control the 
>> VM at the low level, and access/modify anything that tomcat user can.
>>
>> It may be a good idea if 5.0 would have the secure mode as default.
>> Users will complain their apps won't work and tomcat will be a bit
>> slower -  but if this raises their awareness on security and maybe they
>> fix some of the webapps to work in the sandbox, then it's worth it.
>> Restoring the current mode can be easy - like adding a "-insecure"
>> option or some TOMCAT_INSECURE env :-) 
> 
> 
> +1  And I'm sure that for the majority of Tomcat users, the performance 
> hit will not be so high.
> 
> -- Jeanfrancois
> 

+1 In my testing I found that the SecurityManager added 7% overhead.
For me security is well worth the 7%.

>>
>>
>> The sandbox is IMHO the biggest benefit of Java over all other
>> languages ( including .net - I know they have similar concept, but I 
>> don't think it matches the JVM ).
> 

Hear, hear.  That is what got me involved with Tomcat.

Glenn

----------------------------------------------------------------------
Glenn Nielsen             glenn@more.net | /* Spelin donut madder    |
MOREnet System Programming               |  * if iz ina coment.      |
Missouri Research and Education Network  |  */                       |
----------------------------------------------------------------------




Re: Interesting

Posted by Jeanfrancois Arcand <jf...@apache.org>.

Costin Manolache wrote:

> Jon Scott Stevens wrote:
>
>> I wonder if one could use these techniques to hack a servlet engine somehow
>> and get from one context to another (assuming you had access to run servlets
>> in it... i.e. shared hosting)...
>>
>>     http://www.javaspecialists.co.za/archive/Issue014.html
>>
>> -jon
>
>
> Interesting - but it won't work if the security manager is enabled.
> If the security manager is disabled ( as it is in 99% of the cases ) - 
> there is no protection at all, if you can run servlets - you can do
> anything a C program can. Just load a JNI library and then control the 
> VM at the low level, and access/modify anything that tomcat user can.
>
> It may be a good idea if 5.0 would have the secure mode as default.
> Users will complain their apps won't work and tomcat will be a bit
> slower -  but if this raises their awareness on security and maybe they
> fix some of the webapps to work in the sandbox, then it's worth it.
> Restoring the current mode can be easy - like adding a "-insecure"
> option or some TOMCAT_INSECURE env :-) 

+1  And I'm sure that for the majority of Tomcat users, the performance 
hit will not be so high.

-- Jeanfrancois

>
>
> The sandbox is IMHO the biggest benefit of Java over all other
> languages ( including .net - I know they have similar concept, but I 
> don't think it matches the JVM ).

>
>
> Costin


Re: Interesting

Posted by Costin Manolache <cm...@yahoo.com>.
Jon Scott Stevens wrote:
> I wonder if one could use these techniques to hack a servlet engine somehow
> and get from one context to another (assuming you had access to run servlets
> in it... i.e. shared hosting)...
> 
>     http://www.javaspecialists.co.za/archive/Issue014.html
> 
> -jon

Interesting - but it won't work if the security manager is enabled.
If the security manager is disabled ( as it is in 99% of the cases ) - 
there is no protection at all, if you can run servlets - you can do
anything a C program can. Just load a JNI library and then control the 
VM at the low level, and access/modify anything that tomcat user can.

It may be a good idea if 5.0 would have the secure mode as default.
Users will complain their apps won't work and tomcat will be a bit
slower -  but if this raises their awareness on security and maybe they
fix some of the webapps to work in the sandbox, then it's worth it.
Restoring the current mode can be easy - like adding a "-insecure"
option or some TOMCAT_INSECURE env :-)

The sandbox is IMHO the biggest benefit of Java over all other
languages ( including .net - I know they have similar concept, but I 
don't think it matches the JVM ).

Costin
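
Two points from this thread, shown as an added example that is not code from the thread or from Tomcat: an enabled security manager refuses a JNI library load from sandboxed code (Costin's message above), and library code can be written so that the webapp calling it needs no extra grant (Glenn's message on SecurityManager-friendly code). Assumptions: the class name, the placeholder library name `demo`, the allow-all `Policy` standing in for trusted container and library code, and the empty protection domain standing in for a webapp are all constructed; it runs as written on JDK 8 to 17 (JDK 18 to 23 need `-Djava.security.manager=allow`).

```java
import java.security.*;

public class SandboxDemo {
    // Hard to sandbox: the permission check walks up to the calling webapp,
    // so the webapp itself would need PropertyPermission for this read.
    static String tmpDirUnfriendly() {
        return System.getProperty("java.io.tmpdir");
    }

    // SecurityManager-friendly: the library asserts its own privilege for one
    // fixed read, so the policy grants the permission to the library only.
    static String tmpDirFriendly() {
        return AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> System.getProperty("java.io.tmpdir"));
    }

    // Runs the action and reports whether the sandbox refused it.
    static String attempt(String label, Runnable action) {
        try {
            action.run();
            return label + ": allowed";
        } catch (SecurityException e) {
            return label + ": denied, " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed setup: code loaded from the classpath (this class, standing
        // in for container and library code) is trusted by the policy.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        System.setSecurityManager(new SecurityManager());
        // Hypothetical stand-in for a webapp's protection domain: no permissions.
        AccessControlContext webapp = new AccessControlContext(
                new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) });
        Runnable jni = () -> System.loadLibrary("demo"); // "demo" is a placeholder name
        Runnable unfriendly = SandboxDemo::tmpDirUnfriendly;
        Runnable friendly = SandboxDemo::tmpDirFriendly;
        // Everything inside this call is additionally limited to the webapp context.
        String report = AccessController.doPrivileged((PrivilegedAction<String>) () ->
                attempt("JNI library load", jni) + "\n"
                + attempt("direct property read", unfriendly) + "\n"
                + attempt("doPrivileged property read", friendly), webapp);
        System.out.println(report);
    }
}
```

The first two attempts are denied because the check reaches the permission-less webapp context; the third is allowed because the stack walk stops at the library's `doPrivileged` frame.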


