
Part of my project needs to allow participants to upload simple and very basic Java code, and I will run their code and return the result to them. I reduce the security risk by limiting the permissions of the web user account, using a thread to control the timeout case, and using a security manager to sandbox the untrusted program.

Since I do not know much about what kind of request may cause unexpected danger, I decided to use the default policy. But most people are talking about using a custom policy.

I have searched a lot, but I still have not found any website/literature/tutorial which talks about why I shouldn't use the default security manager. Are there any bugs that can be avoided by using a custom policy while they exist in the default one?

I mean, is it because the default policy is too strict or useless, such that people tend to use a custom policy?

I have read java.security, but I still want to make sure of this.

user207421
user3794582
  • Sorry, I don't understand. Do you mean that I should duplicate the sandbox? – user3794582 Aug 29 '14 at 08:20
  • It means that you should have a look at the question called "[Sandbox against malicious code in a Java application](https://stackoverflow.com/questions/502218/sandbox-against-malicious-code-in-a-java-application)", because it's really similar to the one you are asking, and the answers can be useful for you. – Florent Bayle Aug 29 '14 at 08:29
  • Thanks, I've read the link and it is very useful. I actually built my system based on the answer in this link. But I still have no idea why we should use a custom policy instead of the default one. (I know my question is stupid, but I only need a reason.) – user3794582 Aug 29 '14 at 08:38
  • Is it because "the default SecurityManager is more often used to control particular actions by any method; a custom SecurityManager can control the actions by a single method"? Link: http://stackoverflow.com/questions/9482307/setting-the-java-securitymanager-for-one-method-only?lq=1 – user3794582 Aug 29 '14 at 08:45
  • I suggest you *try* it. If you need a SecurityManager at all. You'll discover what extra permissions you need that it doesn't give you. – user207421 Aug 29 '14 at 09:36

1 Answer


Only the minimum rights must be authorized, not the "reasonable defaults".

This depends on the details of your project. These details define the permissions you give to the customer code. The list of possible permissions is huge, and knowing what you are doing, you can probably tune it more tightly. At least, you should look into the default policy file and think about what could be additionally disabled.

Audrius Meškauskas
  • So, the default policy offers "reasonable defaults" permissions. And if I want to stop some permissions, I need a custom one. Is that right? – user3794582 Aug 29 '14 at 09:05
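As an added illustration of what "only the minimum rights" looks like in practice (this is example code written for this page, not code from the question or the answer), the following program runs a stand-in for a participant's submission under an explicitly enumerated permission set instead of relying on whatever the default policy grants. The class name `MinimalPermissionSandbox`, the helper names `restrictedContext` and `runSandboxed`, and the single whitelisted `PropertyPermission` are assumptions chosen for the demonstration; a real deployment would list exactly the permissions the submissions are known to need and nothing else. Note that the SecurityManager API is deprecated for removal since JDK 17 (JEP 411) and permanently disabled in JDK 24 (JEP 486), so this only runs on JDK 23 or earlier.

```java
import java.io.File;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.PropertyPermission;

/**
 * Added example: execute untrusted code with a whitelist of permissions
 * rather than the "reasonable defaults" of the JDK's java.policy.
 *
 * The equivalent policy-file grant for the sandboxed domain would be:
 *   grant { permission java.util.PropertyPermission "java.version", "read"; };
 * i.e. nothing else: no FilePermission, SocketPermission or RuntimePermission.
 */
public class MinimalPermissionSandbox {

    /** Build a context that carries only the permissions the submission may use. */
    static AccessControlContext restrictedContext() {
        Permissions perms = new Permissions();
        // Whitelist (assumed for this example): read one harmless system property.
        perms.add(new PropertyPermission("java.version", "read"));
        // A ProtectionDomain with no CodeSource: the permissions above are all it has.
        ProtectionDomain domain = new ProtectionDomain(null, perms);
        return new AccessControlContext(new ProtectionDomain[] { domain });
    }

    /**
     * Run the submission under the restricted context. doPrivileged with a
     * context intersects the caller's permissions with the context, so even
     * code loaded from the trusted classpath is reduced to the whitelist.
     */
    static <T> T runSandboxed(PrivilegedAction<T> submission) {
        return AccessController.doPrivileged(submission, restrictedContext());
    }

    public static void main(String[] args) {
        // On JDK 18-23 start the JVM with -Djava.security.manager=allow for
        // this call to be permitted; on JDK 17 and earlier it works as is.
        if (System.getSecurityManager() == null) {
            System.setSecurityManager(new SecurityManager());
        }

        // Stands in for an uploaded submission: one whitelisted action ...
        String version = runSandboxed(() -> System.getProperty("java.version"));
        System.out.println("permitted property read: " + version);

        // ... and one action the minimal policy never granted (a directory listing).
        try {
            runSandboxed(() -> new File(".").list());
            System.out.println("directory listing succeeded; the whitelist is too wide");
        } catch (SecurityException e) {
            // AccessControlException extends SecurityException; this is the expected path.
            System.out.println("denied as intended: " + e.getMessage());
        }
    }
}
```

Compile and run it with `java -Djava.security.manager=allow MinimalPermissionSandbox` (the `=allow` flag is needed from JDK 18 onward). The point relative to the question: with the default policy the sandboxed code would still receive every grant in `java.policy`, whereas here each permission has to be added to `perms` by hand, which is exactly the "look at the default policy file and decide what else to disable" exercise the answer recommends.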