[security-dev 00066]: Javasss (Safe secure sandbox) for jdk 6 and openjdk 7
sgodsell at hotmail.com
Tue Feb 12 13:50:59 PST 2008
Hello once again openjdk people,
Previously Javass required openjdk 7. Now it supports jdk 6 update 3. The following is a list of enhancements:
- Overwrite and lock users file paths to a specific base path (like chroot in unix)
- All temporary files can automatically be created in the base path without any program change to existing applications
- You can limit the amount of storage being used in a path or file
- You can limit the # of file and directories being created in path
- You can make any path read only or read/write
- You can allow or deny whether libraries can be loaded from a path.
- You can allow or deny whether native methods can be used from a path.
- You can have multiple paths to allow users to read or write to with different
limiting storage and or # or files and directories.
- You can limit the number of threads and thread priority.
- You can limit the maximum # of windows being created.
- You can allow or deny hosts and ports being used.
- You can allow or deny execution of runtime process.
- You can limit the amount of socket traffic throughput in bytes per second
- All items can be controlled in a simple properties file
- Allow threads to have different paths, and/or lock every new thread with certain paths
- Allow users to configure thread paths using a key.
- Existing programs and applications can run without any changes or modifications.
A security manager cannot even do half the items previously listed. There is complete source code and examples are at the following site:
More information about the security-dev