JDK 1.2 security clarifications

Richard Kinder - Sun UK (Richard.Kinder@UK)
Mon, 26 Jan 1998 15:05:35 +0000 (GMT)

Date: Mon, 26 Jan 1998 15:05:35 +0000 (GMT)
From: Richard Kinder - Sun UK <Richard.Kinder@UK>
Subject: JDK 1.2 security clarifications
To: java-security@java0.javasoft.com
In-Reply-To: "Your message with ID" <Roam.SIMCSD.2.0.4.885820407.29900.richardk@wycsun>

JDK 1.2 security experts,

IHAC with some questions regarding the new fine-grained security model in JDK
1.2, any answers/pointers much appreciated...

1. If we have a derived Permission in the policy file, sub-classed from
another derived Permission:

e.g.

grant SignedBy "Roland, Li" {
    ...
    permission com.abc.LateNiteMoviePermission "watch", signedBy "Li";
};

where com.abc.LateNiteMoviePermission is derived from com.abc.TVPermission
would the above policy file entry cause the signature on the superclass,
com.abc.TVPermission, to be checked? If not, could one subvert the security by
spoofing the superclass?

2. Is it possible to tie-down a particular Permission object to a given
codebase? This would enable Permission class byte-code to be d/loaded from a
particular server, say permissions.foo.com...

3. Are there any constraints on class visibility for a subclass of Permission
to be used in the policy file? In other words, can Permissions defined as
package private or inner classes be referred to in the policy file?

Thanks,
Richard.

--
Richard Kinder,                                St. John's Court, Easton Street,
Sun Microsystems Inc.,                         High Wycombe, HP11 1JX, UK.
JavaSoft Europe.			       Tel: +44-1494-472900
					       Fax: +44-1494-472383