
I'd like to allow users to submit Java / Scala source code from browser client and compile / execute it on the server. However, at the same time, I want to restrict users from running potentially malicious code on server.

For instance, I would like to prevent filesystem access as well as inbound / outbound network access for submitted source code. What else should I restrict?

Which Java / Scala libraries should I explicitly disallow for the client? For instance, here is my list of disallowed APIs / libraries:

java.lang.System
java.lang.Runtime
java.io.*
java.nio.*
scala.io.*
java.net

How do I properly sandbox untrusted Java / Scala code?

user3482479
  • I may be wrong but first, you should implement a "white list" and second disallowing APIs won't be enough. But again, on this dimension I am not sure of the whole scope. – Lucio Apr 06 '14 at 00:09
  • I would use an *isolated environment approach*. That is, don't limit the code or packages available, but limit the environment - i.e. no (or limited/virtualized) file-system access, no (or limited/virtualized) network access. This doesn't answer the question as it doesn't say *how* to create such a restricted environment, but I believe it's a sane approach for an online "codepad/execution" service. – user2864740 Apr 06 '14 at 00:13
  • @user2864740 + prohibit things like `System.exit()` – om-nom-nom Apr 06 '14 at 00:42

1 Answer


The JVM runtime can be restricted by providing a policy file. Java unfortunately is not foolproof, so you would be wise to restrict the account running the JVM at the OS level.

If you are allowing the end user to compile Scala code on your server then the compiler might execute macro code which is an additional attack surface. Scalac has probably not been designed to protect against malicious macros. Scalac runs within a JVM itself and could be similarly sandboxed.

This question is very close to yours.

Sazzadur Rahaman
Mark Lister
  • Hi @Mark Lister, can you please provide some more information about restricting JVM privileges at the OS level? – NehaM Jul 20 '16 at 08:35
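As an added illustration of the JVM-level restriction the answer describes (this is example code written for this page, not code from the answer or from any project): the host installs a SecurityManager that trusts its own code, then runs the submitted code under an AccessControlContext that grants no permissions, so file, socket and exit requests are refused. It assumes JDK 8 to 17; JDK 18 to 23 need `-Djava.security.manager=allow` on the command line, and JDK 24 disables the SecurityManager permanently, which is why the OS-level restriction the answer recommends should not be skipped.

```java
import java.io.FileReader;
import java.io.IOException;
import java.net.Socket;
import java.security.*;

public class UntrustedRunner {
    // Domain built from an empty Permissions set: it implies nothing, so once it is
    // part of the effective context every checkPermission() call is refused.
    static final AccessControlContext NO_PERMISSIONS = new AccessControlContext(
            new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) });

    // Trust the host application itself; the restriction comes from the context above.
    // (Placeholder policy for the demo; a real service would load a policy file instead.)
    static void installSecurityManager() {
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        System.setSecurityManager(new SecurityManager());
    }

    // Runs the submitted code with NO_PERMISSIONS intersected into its stack;
    // returns null on success or the exception (usually AccessControlException) raised.
    static Throwable runSandboxed(Runnable submitted) {
        try {
            AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
                submitted.run();
                return null;
            }, NO_PERMISSIONS);
            return null;
        } catch (Throwable t) {
            return t;
        }
    }

    public static void main(String[] args) {
        installSecurityManager();
        // A real service defines submitted classes through its own ClassLoader with a
        // no-permission ProtectionDomain; these lambdas (host code) only stand in for them.
        System.out.println("file read : " + runSandboxed(() -> {
            try (FileReader r = new FileReader("/etc/hostname")) { r.read(); }
            catch (IOException e) { throw new RuntimeException(e); }
        }));
        System.out.println("socket    : " + runSandboxed(() -> {
            try { new Socket("127.0.0.1", 80).close(); }
            catch (IOException e) { throw new RuntimeException(e); }
        }));
        System.out.println("exit      : " + runSandboxed(() -> System.exit(0)));
        System.out.println("arithmetic: " + runSandboxed(() -> Math.sqrt(2.0)));
    }
}
```

The first three calls return an AccessControlException while the arithmetic call returns null; note that code loaded into the host's own ProtectionDomain could call doPrivileged() itself to shed the restricted context, so submitted classes must be defined by a separate ClassLoader with a no-permission domain rather than compiled into the host.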