Status/Resolution/Reason: Closed/Fixed/
Reporter/Name(from Bugbase): Jochem van Dieten / Jochem van Dieten (Jochem van Dieten)
Created: 01/06/2009
Versions: 9.0
Failure Type: Unspecified
Found In Build/Fixed In Build: 0000 / 228759
Priority/Frequency: Major / Unknown
Locale/System: English / Platforms All
Vote Count: 1
Problem:
Fine-grained Sandbox permissions for Java objects
If we allow people to use Java objects we essentially give them full rein over the server. They can do anything at the Java level they want, including for instance CreateObject("java", "java.lang.Runtime").getRuntime().halt(1), CreateObject("java", "java.lang.Runtime").getRuntime().exec(batchFile) etc. This makes it trivial to for instance run a batch file that overwrites password.properties, then restarts CF to force it to reread the password.properties file and take over the server.
In the underlying Java security model there are protections against all this. We just don't have the ability to switch on that level of security in Sandboxes. What I would like is to be able to disable all these dangerous features so that I can safely open up access to Java for my hosted customers. At the very least I want to be able to revoke all RuntimePermissions, PropertyPermissions (or maybe just the write permission), ReflectPermissions and SecurityPermissions.
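As an added illustration of the Java-level protections the report refers to (this is not code from the bug report, from ColdFusion or from Adobe): the snippet below installs a SecurityManager and runs a few actions under a ProtectionDomain that grants only read access to one system property. Because permission checks take the intersection of every domain involved, a restricted domain can withhold RuntimePermission, PropertyPermission write, ReflectPermission and SecurityPermission simply by not granting them. Class and method names are my own; it assumes a JVM that still supports the security manager (deprecated in JDK 17, run with -Djava.security.manager=allow on JDK 12 to 23, no longer usable on JDK 24 and later).

```java
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.PropertyPermission;

public class SandboxDemo {

    // Builds a static protection domain carrying only the permissions listed
    // here. A static domain is never consulted against the policy file, so the
    // list below is the complete set available inside the restricted context.
    static AccessControlContext restrictedContext() {
        Permissions perms = new Permissions();
        perms.add(new PropertyPermission("java.version", "read")); // read only
        // Deliberately absent: RuntimePermission "exitVM.*" (needed by
        // Runtime.halt/System.exit), FilePermission with the "execute" action
        // (needed by Runtime.exec), ReflectPermission "suppressAccessChecks"
        // and every SecurityPermission.
        ProtectionDomain restricted = new ProtectionDomain(null, perms);
        return new AccessControlContext(new ProtectionDomain[] { restricted });
    }

    // Runs the action under the restricted context. The security manager
    // checks both the caller's own domain and the restricted one, so the
    // restricted domain can only narrow what the caller could already do.
    static boolean runRestricted(String label, PrivilegedAction<Void> action) {
        try {
            AccessController.doPrivileged(action, restrictedContext());
            System.out.println(label + ": allowed");
            return true;
        } catch (SecurityException e) {
            System.out.println(label + ": denied (" + e.getMessage() + ")");
            return false;
        }
    }

    public static void main(String[] args) {
        // Throws on JDKs that no longer allow a security manager, so none of
        // the calls below ever run without the checks in place.
        System.setSecurityManager(new SecurityManager());

        runRestricted("read java.version", () -> {
            System.getProperty("java.version"); // PropertyPermission read: granted
            return null;
        });
        runRestricted("write user.dir", () -> {
            System.setProperty("user.dir", "/tmp"); // PropertyPermission write: denied
            return null;
        });
        runRestricted("Runtime.halt", () -> {
            Runtime.getRuntime().halt(1); // checkExit -> RuntimePermission exitVM.1: denied
            return null;
        });
        runRestricted("Runtime.exec", () -> {
            try {
                Runtime.getRuntime().exec("hostname"); // checkExec -> FilePermission execute: denied
            } catch (java.io.IOException e) {
                throw new RuntimeException(e);
            }
            return null;
        });
    }
}
```

Compile and run with `javac SandboxDemo.java && java -Djava.security.manager=allow SandboxDemo`; the first action is reported as allowed and the remaining three as denied. The mechanism only restricts code executed under such a context, so the piece a hosting setup still needs, and what this report asks for, is a way for the CFML runtime to associate each sandbox's Java object calls with a context like this one.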
Method:
Result:
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3037166
External Customer Info:
External Company:
External Customer Name: Jochem van Dieten
External Customer Email: 14B70C2D446042B59920157F
External Test Config: 01/06/2009
Attachments:
Comments: