From: Roland.Schemers@Eng (Roland Schemers)
Message-Id: <199801262004.MAA28612@crypto.eng.sun.com>
Subject: Re: JDK 1.2 security clarifications
To: Richard.Kinder@UK (Richard Kinder - Sun UK)
Date: Mon, 26 Jan 1998 12:04:49 -0800 (PST)
In-Reply-To: <Roam.SIMCSD.2.0.4.885827135.9378.richardk@wycsun> from "Richard Kinder - Sun UK" at Jan 26, 98 03:05:35 pm
>
> 1. If we have a derived Permission in the policy file, sub-classed from
> another derived Permission:
>
> e.g.
>
> grant SignedBy "Roland, Li" {
> ...
> permission com.abc.LateNiteMoviePermission "watch", signedBy "Li"
> }
>
> where com.abc.LateNiteMoviePermission is derived from com.abc.TVPermission
> would the above policy file entry cause the signature on the superclass,
> com.abc.TVPermission, to be checked? If not, could one subvert the security by
> spoofing the superclass?
Good question. Currently, they could be spoofed. We'll think about how that
could be improved. One way would be to use reflection and walk the
inheritance hierarchy, checking the super classes.
> 2. Is it possible to tie-down a particular Permission object to a given
> codebase? This would enable Permission class byte-code to be d/loaded from a
> particular server, say permissions.foo.com...
Currently not. This isn't a big problem for applets as you always go back
to where the applet came from for all code anyway. Also, the signed permission
is only granted to the codebase/signedby listed in the grant statement, so in
some sense you can restrict the codebase of the permission as well.
We'll think about adding a codeBase option to permissions though (i.e., the
same way signedBy is allowed at the end of a permission line).
> 3. Are there any constraints on class visibility for a subclass of Permission
> to be used in the policy file? In other words, can Permissions defined as
> package private or inner classes be referred to in the policy file?
>
Currently they must be public. In particular, they need a
public (String, String) constructor, which the policy class uses
to instantiate a permission.
thanks, roland
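The following is an added illustration, not code from this thread or from the JDK. It shows two things the replies above describe: a Permission subclass shaped the way the policy class needs it (public, with a public (String, String) constructor, question 3), and the reflection walk Roland sketches for question 1, which checks the signers of every application-loaded class between the concrete permission and java.security.Permission rather than only the leaf class. The class names com.abc.TVPermission and LateNiteMoviePermission come from the question; their bodies, the checker class and the empty trusted-certificate set are this example's own assumptions (a real deployment would load the certificate for alias "Li" from a keystore, and would put each permission in its own public top-level source file).

```java
import java.security.BasicPermission;
import java.security.Permission;
import java.security.cert.Certificate;
import java.util.HashSet;
import java.util.Set;

/* Hypothetical permission hierarchy from the question. Each class is public
 * and has the public (String name, String actions) constructor that the
 * policy implementation reflects on when it resolves a grant line. */
class TVPermission extends BasicPermission {
    public TVPermission(String name, String actions) {
        super(name, actions);
    }
}

/* The derived permission actually named in the grant line. If only this
 * leaf class is checked for a signature, an attacker-supplied TVPermission
 * on the class path would go unnoticed; the walk below closes that gap. */
class LateNiteMoviePermission extends TVPermission {
    public LateNiteMoviePermission(String name, String actions) {
        super(name, actions);
    }
}

public class PermissionSignerCheck {

    /**
     * Walk from the concrete permission class up to java.security.Permission.
     * Every class on the way that was loaded by an application class loader
     * must carry at least one certificate from the trusted set. Classes
     * defined by the bootstrap loader (getClassLoader() == null) belong to
     * the JDK and are not subject to the policy's signedBy clause.
     */
    public static boolean hierarchySignedBy(Class<?> permClass, Set<Certificate> trusted) {
        for (Class<?> c = permClass; c != null && c != Permission.class; c = c.getSuperclass()) {
            if (c.getClassLoader() == null) {
                continue; // JDK-supplied class such as BasicPermission
            }
            // Class.getSigners() returns null when the class was not signed at all.
            Object[] signers = c.getSigners();
            if (signers == null || !anyTrusted(signers, trusted)) {
                return false; // unsigned or signed by nobody we trust: reject
            }
        }
        return true;
    }

    private static boolean anyTrusted(Object[] signers, Set<Certificate> trusted) {
        for (Object s : signers) {
            if (s instanceof Certificate && trusted.contains(s)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed for the example: in practice this set would hold the
        // certificate stored under the keystore alias named in signedBy.
        Set<Certificate> trusted = new HashSet<>();

        Class<?> cls = Class.forName("LateNiteMoviePermission");

        // Instantiate exactly the way the policy class does: through the
        // public (String, String) constructor located by reflection.
        Permission p = (Permission) cls
                .getConstructor(String.class, String.class)
                .newInstance("watch", "");

        // Both classes in this demo are unsigned, so the walk reports false:
        // the grant line would be rejected rather than silently trusted.
        System.out.println(p + " -> hierarchy signed by trusted key: "
                + hierarchySignedBy(cls, trusted));
    }
}
```

The check stops at java.security.Permission and skips bootstrap-loaded classes so that JDK base classes such as BasicPermission are never mistaken for unsigned user code; only classes an application loader brought in, which are the ones a spoofed superclass could replace, have to be signed.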