ant-dev mailing list archives

From "Kerns, Bob" <Bob.Ke...@firepond.com>
Subject RE: Security Manager and System.exit
Date Mon, 31 Dec 2001 11:56:53 GMT
Actually, there's a choice. Instead of replacing the SecurityManager, if one
is installed, why not just ensure ant lacks the "exitVM" runtime permission?
Then anything that Ant calls will not be able to execute exit() (unless it
explicitly enables privileges), and a SecurityException will be thrown.
(Unless, of course, the SecurityManager that's already installed is
promiscuous and doesn't bother checking permissions. An InsecurityManager?)

In other words, why reinvent the wheel? Just:
1) Load Ant using a SecureClassLoader (base AntClassLoader on
SecureClassLoader instead of ClassLoader).
2) Implement getPermissions() on the class loader to *not* grant this
RuntimePermission (you'll need to subclass PermissionCollection to *exclude*
a permission that would otherwise be granted by the default Policy).
3) Install the standard SecurityManager if none is already installed.

You don't need to load all of Ant with a secure class loader -- you just
need one class, and have an invocation on the stack of a method on that
class. So you don't have to switch to using AntClassLoader wholesale to
accomplish this.

-----Original Message-----
From: Stephane Bailliez [mailto:sbailliez@imediation.com]
Sent: Friday, December 14, 2001 3:43 AM
To: Ant Developers List
Subject: RE: Security Manager and System.exit


> -----Original Message-----
> From: Stefan Bodewig [mailto:bodewig@apache.org]

> > So is there any issue if we use a System manager for JDK 1.2+ (see
> > below) ?
> 
> We may not want to blindly replace an existing SecurityManager.  I
> believe NetBeans installs its own and it wouldn't be nice to disable
> it for example.

There is not much choice.

We must be able to detect System.exit when running JavaCommand so that means
we must do something with the security manager, that is: make checkExit
throw an exception and catch the exception when needed.

Stephane

--
To unsubscribe, e-mail:   <mailto:ant-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:ant-dev-help@jakarta.apache.org>
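
The three steps in Bob Kerns' message, sketched as an added example (not code from this thread or from Ant; `NoExitDemo`, `WithoutExit`, `Trampoline` and `NoExitLoader` are hypothetical names). It assumes a JDK 9 to 17 runtime, where a Security Manager can still be installed at run time, and it builds the domain with the two-argument `ProtectionDomain` constructor because domains created through `SecureClassLoader.getPermissions()` have also consulted the current Policy at check time since JDK 1.4.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.*;
import java.util.Enumeration;

public class NoExitDemo {
    /** Step 2: wraps the Policy's grants but never implies any exitVM permission. */
    static final class WithoutExit extends PermissionCollection {
        private final PermissionCollection granted;
        WithoutExit(PermissionCollection granted) { this.granted = granted; }
        @Override public void add(Permission p) { throw new SecurityException("read-only"); }
        @Override public Enumeration<Permission> elements() { return granted.elements(); }
        @Override public boolean implies(Permission p) {
            boolean exit = p instanceof RuntimePermission && p.getName().startsWith("exitVM");
            return !exit && granted.implies(p);
        }
    }

    /** The one class that has to be on the call stack when exit() is attempted. */
    public static final class Trampoline implements Runnable {
        final Runnable task;
        public Trampoline(Runnable task) { this.task = task; }
        @Override public void run() { task.run(); }
    }

    /** Step 1: a SecureClassLoader that redefines only Trampoline, in a restricted domain. */
    static final class NoExitLoader extends SecureClassLoader {
        NoExitLoader(ClassLoader parent) { super(parent); }
        @Override protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (!name.equals(Trampoline.class.getName())) return super.loadClass(name, resolve);
            Class<?> loaded = findLoadedClass(name);
            if (loaded != null) return loaded;
            try (InputStream in = getParent().getResourceAsStream(name.replace('.', '/') + ".class")) {
                if (in == null) throw new ClassNotFoundException(name);
                byte[] b = in.readAllBytes();
                CodeSource cs = Trampoline.class.getProtectionDomain().getCodeSource();
                // Static-only domain: the Policy is read once here and not consulted again.
                PermissionCollection perms = new WithoutExit(Policy.getPolicy().getPermissions(cs));
                return defineClass(name, b, 0, b.length, new ProtectionDomain(cs, perms));
            } catch (IOException e) { throw new ClassNotFoundException(name, e); }
        }
    }

    public static void main(String[] args) throws Exception {
        Class<?> c = new NoExitLoader(NoExitDemo.class.getClassLoader()).loadClass(Trampoline.class.getName());
        Runnable guarded = (Runnable) c.getConstructor(Runnable.class).newInstance((Runnable) () -> System.exit(0));
        if (System.getSecurityManager() == null) System.setSecurityManager(new SecurityManager()); // step 3
        try { guarded.run(); } catch (SecurityException e) { System.out.println("exit() blocked"); }
    }
}
```

The call to `System.exit(0)` is refused because the stack walk reaches `Trampoline.run()`, whose domain lacks `exitVM`, even though the calling class itself still holds that permission.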
