Container security

 
Ranch Hand
Posts: 1608
I have long had this curiosity.
Suppose I run a web/servlet container (such as Tomcat), and I permit other users to host their web content under their user directory, etc. How does one go about preventing malicious activity by the arbitrary users? For example, as a user of such a service, I could simply open a file for write on the server machine and start writing whatever I wanted.

I can think of two possible solutions:
1) Manual inspection of code before it is permitted to be hosted; laborious and error-prone.
2) Install a SecurityManager on the container that only permits a set of restricted operations; potentially error-prone.

Just how is it usually done?
 
author
Posts: 4335
39
jQuery Eclipse IDE Java
For file access, the operating system can prevent users from reading/writing to areas they don't have access to (assuming this is Unix or NTFS; for FAT there is no support).

Without a security manager though a user can still perform malicious operations such as having infinite loops that tie up resources.
 
Rancher
Posts: 43081
77
A security manager would be the way to go. It's not hard to set one up, and error-prone only insofar as one has to think of all the malicious things users might try to do. Probably better to start out by giving them too few permissions, and correct it as they complain.

@Scott: I'm intrigued - all web apps would run under the same user account (the same one Tomcat runs under), so how could you stop them writing over each other's directories using filesystem permissions?
[ November 09, 2005: Message edited by: Ulf Dittmer ]
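As an added example (not code from any poster here) of the "start with too few permissions" approach Ulf describes: a standalone Java program, not Tomcat, installs a SecurityManager with a Policy that grants file access only under one hypothetical per-user directory, so a write anywhere else is refused. It assumes a JDK that still ships the SecurityManager (JDK 17 or earlier, or 18+ started with -Djava.security.manager=allow); the directory name is made up for the demo.

```java
import java.io.*;
import java.security.*;

/** Confines file writes to one directory: the "too few permissions" starting point. */
public class SandboxDemo {

    // Hypothetical per-user directory; in Tomcat this would be the user's webapp directory.
    static final String TMP = System.getProperty("java.io.tmpdir");
    static final String SANDBOX = TMP + File.separator + "sandbox-alice";

    /** Policy that grants read/write only on SANDBOX and everything below it; nothing else. */
    static class SandboxPolicy extends Policy {
        @Override
        public PermissionCollection getPermissions(ProtectionDomain domain) {
            Permissions perms = new Permissions();
            perms.add(new FilePermission(SANDBOX, "read,write"));
            perms.add(new FilePermission(SANDBOX + File.separator + "-", "read,write"));
            return perms;
        }
        @Override
        public boolean implies(ProtectionDomain domain, Permission permission) {
            return getPermissions(domain).implies(permission);
        }
    }

    /** Returns true if the write succeeded, false if the SecurityManager denied it. */
    static boolean tryWrite(String path) {
        try (FileWriter w = new FileWriter(path)) {   // FileOutputStream calls checkWrite(path)
            w.write("hello");
            return true;
        } catch (AccessControlException e) {
            return false;   // denied by policy: expected for any path outside SANDBOX
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    public static void main(String[] args) {
        new File(SANDBOX).mkdirs();                   // done before the manager is installed
        String inside = SANDBOX + File.separator + "ok.txt";
        String outside = TMP + File.separator + "escape.txt";   // sibling of the sandbox
        Policy.setPolicy(new SandboxPolicy());
        System.setSecurityManager(new SecurityManager());
        System.out.println("inside sandbox:  " + tryWrite(inside));    // true
        System.out.println("outside sandbox: " + tryWrite(outside));   // false
    }
}
```

In Tomcat the equivalent grants go in conf/catalina.policy, keyed on each webapp's codeBase, and the container is started with the -security option so that policy is enforced.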
 
Scott Selikoff
author
Posts: 4335
39
jQuery Eclipse IDE Java
Originally posted by Ulf Dittmer:
@Scott: I'm intrigued - all web apps would run under the same user account (the same one Tomcat runs under), so how could you stop them writing over each other's directories using filesystem permissions?

Good point, I forgot the Tomcat user is the same regardless of 'where' the files are located. Operating system settings would only come into play if each user was running their own instance of Tomcat. Hmmm... wonder if there is a way to force the operating system settings forward though... going to think about this one.
 
Tony Morris
Ranch Hand
Posts: 1608
So in conclusion, everyone is as confused as I am?
 