I'm writing an application where the user can provide a custom JavaScript function to filter a file on the server side using Nashorn/jjs:

cat /etc/js/library.js user.js > tmp.js && 
cat /path/to/input.txt | jjs --language=es6 -doe -J-Djava.security.manager tmp.js > /path/to/output.txt &&
rm tmp.js

I know that the user could write an infinite loop to fill my disk:

for(;;) print("#####");

But is -J-Djava.security.manager sufficient to prevent him from reading/writing a file on the filesystem?

Thanks.

Pierre

You're right. Once you set the Java security manager, your scripts are "sandboxed". Unless you write an explicit security policy where you grant specific permissions to specific scripts, only sandbox permissions are given to scripts. You can safely run insecure scripts. To grant specific permissions to specific scripts, you need to load the script from trusted URLs and use those URLs in the security policy:

See also: https://wiki.openjdk.java.net/display/Nashorn/Nashorn+script+security+permissions

A. Sundararajan
  • Thanks, but isn't it paradoxical that jjs is still able to read the script file `tmp.js`? (Or is the security activated *after* reading this js file?) – Pierre Oct 27 '16 at 08:35
  • No, the jjs code itself is given AllPermission by the default policy. It is the jjs code that reads the initial set of files specified on the command line, and so it is consistent. If your script calls the "load" primitive to load further scripts, your script's (the loading script's) security permissions will also come into play. – A. Sundararajan Oct 27 '16 at 12:45
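As an added example, not code from the question or the answer: a shell session that exercises the sandbox with a constructed probe script, then shows the policy mechanism the answer describes, where a grant is bound to one script's URL and every other script keeps sandbox-only permissions. It assumes jjs (JDK 8 to 14) is on PATH; the working directory, file names and the secret file are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the question or answer. Assumes jjs (JDK 8..14) on PATH.
# Everything under $WORK is constructed for the demonstration.
WORK=${TMPDIR:-/tmp}/nashorn-sandbox-demo
mkdir -p "$WORK"
echo "constructed secret" > "$WORK/secret.txt"

# Constructed untrusted filter: besides reading stdin like user.js, it tries to read a file.
cat > "$WORK/probe.js" <<EOF
var Files = Java.type("java.nio.file.Files");
var Paths = Java.type("java.nio.file.Paths");
try {
  Files.readAllLines(Paths.get("$WORK/secret.txt"));
  print("READ_OK");      // only possible if a policy grant covers this script's URL
} catch (e) {
  print("DENIED " + e);  // AccessControlException under the default policy
}
EOF
# The same code under a second name: grants are bound to the script URL, not its content.
cp "$WORK/probe.js" "$WORK/trusted.js"

# Policy appended to the default one (a single '=' keeps the default grants, including
# AllPermission for jjs itself). Only the script at this codeBase URL gains the read
# permission; every other script keeps sandbox-only permissions.
cat > "$WORK/filter.policy" <<EOF
grant codeBase "file:$WORK/trusted.js" {
    permission java.io.FilePermission "$WORK/secret.txt", "read";
};
EOF

# Run one script under the security manager; the second argument is an optional policy file.
run_sandboxed() {
  if ! command -v jjs >/dev/null 2>&1; then
    echo "SKIPPED: jjs not on PATH"; return 0
  fi
  if [ -n "$2" ]; then
    jjs -J-Djava.security.manager -J-Djava.security.policy="$2" "$1" 2>&1
  else
    jjs -J-Djava.security.manager "$1" 2>&1
  fi
}

run_sandboxed "$WORK/probe.js"                         # DENIED java.security.AccessControlException ...
run_sandboxed "$WORK/probe.js"   "$WORK/filter.policy" # still DENIED: the grant names trusted.js
run_sandboxed "$WORK/trusted.js" "$WORK/filter.policy" # READ_OK: only this URL is granted
```

Concatenating library.js and user.js into one tmp.js puts both in a single protection domain, so any grant written for the library URL would apply to the user's code as well; keep them as separate files if the library ever needs more than sandbox permissions.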