This week's book giveaway is in the Cloud/Virtualizaton forum.
We're giving away four copies of Mesos in Action and have Roger Ignazio on-line!
See this thread for details.
Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Restricting permissions for a signed Java Web Start application

 
Marcel Dullaart
Ranch Hand
Posts: 55
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

Is there anyway to restrict the permissions a signed JNLP/JWS application receives?
For testing this I wrote a little app that, with a button click, can create, read, write to, and delete a file.
With the unsigned version I get an AccessControlException, as expected, while with the signed version I can do all tasks.

Then I first added the following policy to the javaws.policy file, but without any effect:

So I added it to the java.policy file, but this also doesn't have any effect.
Is this at all possible? If so, how can I accomplish this?

Thanks for your time and help.
Marcel Dullaart
 
Marcel Dullaart
Ranch Hand
Posts: 55
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,

Today I closely examined the specification (jsr-56), the first section of paragraph 5.6 reads:
This specification specifies two trusted environments, the all-permissions environment and an
environment that meets the security specifications of the J2EE Application Client environment. Both of
these environments provide unrestricted access to the network and local disk. Thus, an application can
intentionally or unintentionally harm the local system. An application must only be launched if it is
trusted.


Is there no way whatsoever to restrict this somewhat?

Sure hope anyone here has some insights in this.

Kind regards,
Marcel Dullaart
 
Maneesh Godbole
Saloon Keeper
Posts: 11027
12
Android Eclipse IDE Google Web Toolkit Java Mac Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
As far as my knowledge goes, the answer is no and I think it is logical.
Why would you want to grant restricted access? From the security angle, the code can be malicious, not the user no?

 
Marcel Dullaart
Ranch Hand
Posts: 55
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Maneesh for your answer, I really appreciate it.

Its indeed the code I want to restrict access for.
With JWP you download applications from the internet of which, signed or not, you don't really know what its doing, nor where its coming from.
That's why we want to restrict the permissions for the application to a certain degree, the application must be able to do its job, but nothing else.

Being an architect I'd like to come up with a standard way for our company to restrict the permissions 3rd party applications get to a predefined set.

Yesterday I found out that it is possible to restrict permissions if the JWP application's jnlp file does not specify the <all-permissions/>.
It appeared that the permissions defined in the javaws.policy are effective then.

But it would be best if this would also work with security settings enabled in the JNLP.

Kind regards,
Marcel Dullaart
 
Maneesh Godbole
Saloon Keeper
Posts: 11027
12
Android Eclipse IDE Google Web Toolkit Java Mac Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I personally have never used the policy file approach. Would the user who logs in to the machine be able to edit the policy files?

In the past, when I have worked with customers from the Banking domain, or domains where security is paramount, I have observed that they implement a centralized rollout/deployment model, where the IT admin team would remotely deploy only authorized applications onto the workstations.
You might want to consider that .

Another idea would be the IT guys to examine the jar using probably reflection. Probably the jar can be scrutinized for known API/objects. e.g. if URLConnection is used, then the jar probably makes a server side call. If File is used, then it can possibly access the file system. I am not saying this is fool proof but I feel some analytical and flagger kind of tool can be developed on those lines.
 
Marcel Dullaart
Ranch Hand
Posts: 55
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It depends on the users local rights whether or not he/she can edit policy files. Users with Local Admin rights obviously can.
We have a centralized rollout model, thanks for that suggestion, but there are different profiles for installation. JWS/JNLP conceptually seems to be an interesting alternative, therefore am I investigating manners to control the permissions these applications can get.

So far these are the alternatives:
  • all-permissions, runs in the trusted environment, no influence on granted permissions
  • unsecured, runs in the untrusted environment, full influence on granted permissions through the javaws.policy
  • write our JWS launcher that forces certain pre-defined policies onto JWS applications


  • The latter gives the greatest flexibility, but also requires us to roll-out a modified JRE to each workstation and maintain the launcher.

    Examining the jars, IMHO, only reveals the possible actions required by the application, not the location. E.g. accessing a file on the local system may be permitted in certain locations, but denied in others.

    Thanks for the feedback,
    Marcel
     
    Maneesh Godbole
    Saloon Keeper
    Posts: 11027
    12
    Android Eclipse IDE Google Web Toolkit Java Mac Ubuntu
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    You have summed it up nicely. Thanks.
    The problem you are trying to solve is interesting and I would be very much curious to know which option you pursue in the end. It would be nice if you can share the approach (not the code mind you) with us.
     
    • Post Reply
    • Bookmark Topic Watch Topic
    • New Topic