Restrict access in bsh scripts

Restrict access in bsh scripts

Klaus Reimer
Hi,

I'm currently searching for a scripting language which can be embedded
into Java. I've considered using beanshell but I have a security problem
with it. I need a scripting language which is absolutely restricted in
what it can do. I will provide some data to it and some functions and
with this stuff the script can do what it wants to but it must not access
any other stuff. So I need a scripting language which virtually runs in
its own sandbox.

But Beanshell can instantiate any class it finds in the class path. So
it can use Runtime.getRuntime().exec() to execute external programs for
example. I tried to make Beanshell as restrictive as possible by
removing all beanshell-JARs except the core JAR and I also provided a
custom class loader which only allows class loading for a specific set
of classes (java.lang.String for example). But even then beanshell is
able to access the bad stuff via reflection and simply by using a
different class loader:

this.getClass().getClassLoader().loadClass("java.lang.Runtime").getMethod("getRuntime",
null).invoke(null, null).exec("/usr/bin/doBadStuff");

Is there some feature I missed in beanshell which disallows stuff like
this or is beanshell simply the wrong scripting language for my need?

--
Bye, K <http://www.ailis.de/~k/>
[A735 47EC D87B 1F15 C1E9 53D3 AA03 6173 A723 E391]
(Finger [hidden email] to get public key)


_______________________________________________
Beanshell-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/beanshell-users

Re: Restrict access in bsh scripts

Alan Bram-3
> I need a scripting language which is absolutely restricted in
> what it can do. I will provide some data to it and some functions and
> with this stuff the script can do what it wants to but it must not access
> any other stuff. So I need a scripting language which virtually runs in
> its own sandbox.

Why can't you simply run the scripts under control of the normal Java  
security manager? That should allow you to restrict what operations  
may be performed with as much precision as you could want.

In other words, it's not a language issue. You should be able to use  
the same mechanism that allows you to control running code loaded  
from any untrusted source.

Cheers,
  - arb

Re: Restrict access in bsh scripts

Alexey Zinger
In reply to this post by Klaus Reimer
I had looked into this previously for a project of mine.  Admittedly, I have
not yet implemented my intended solution; it's really not a big problem.  Java
provides a permissions mechanism via class loaders.  What you'll want to do is
load bsh.Interpreter via your own specially prepared class loader with some
hand-picked permissions.  Check out java.lang.RuntimePermission docs -- should
cover most of your needs.

--- Klaus Reimer <[hidden email]> wrote:

> Hi,
>
> I'm currently searching for a scripting language which can be embedded
> into Java. I've considered using beanshell but I have a security problem
> with it. I need a scripting language which is absolutely restricted in
> what it can do. I will provide some data to it and some functions and
> with this stuff the script can do what it wants to but it must not access
> any other stuff. So I need a scripting language which virtually runs in
> its own sandbox.
>
> But Beanshell can instantiate any class it finds in the class path. So
> it can use Runtime.getRuntime().exec() to execute external programs for
> example. I tried to make Beanshell as restrictive as possible by
> removing all beanshell-JARs except the core JAR and I also provided a
> custom class loader which only allows class loading for a specific set
> of classes (java.lang.String for example). But even then beanshell is
> able to access the bad stuff via reflection and simply by using a
> different class loader:
>
> this.getClass().getClassLoader().loadClass("java.lang.Runtime").getMethod("getRuntime",
> null).invoke(null, null).exec("/usr/bin/doBadStuff");
>
> Is there some feature I missed in beanshell which disallows stuff like
> this or is beanshell simply the wrong scripting language for my need?
>
> --
> Bye, K <http://www.ailis.de/~k/>
> [A735 47EC D87B 1F15 C1E9 53D3 AA03 6173 A723 E391]
> (Finger [hidden email] to get public key)

Alexey
2001 Honda CBR600F4i (CCS)
1992 Kawasaki EX500
http://azinger.blogspot.com
http://bsheet.sourceforge.net
http://wcollage.sourceforge.net
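
Added example, not taken from any post in this thread and not BeanShell project code: one way to combine the two replies, running bsh.Interpreter under a security manager with a policy that grants nothing to the BeanShell code source, so the reflection chain from the first post is rejected by the permission check behind Runtime.exec(). It assumes the bsh JAR and the host class (the hypothetical SandboxedBsh) are loaded from different code sources, and a JDK where the Security Manager still works (it is deprecated for removal since Java 17 and permanently disabled in JDK 24).

```java
import bsh.EvalError;
import bsh.Interpreter;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;

public class SandboxedBsh {   // hypothetical host class, name is an assumption
    public static void main(String[] args) throws Exception {
        // Build the interpreter before the security manager is active, so
        // BeanShell's own start-up work is not subject to the restrictions.
        Interpreter interp = new Interpreter();
        interp.set("data", "value supplied by the host");   // constructed sample data

        final CodeSource hostSource = SandboxedBsh.class.getProtectionDomain().getCodeSource();
        final CodeSource bshSource = Interpreter.class.getProtectionDomain().getCodeSource();
        if (hostSource == null || bshSource == null || hostSource.equals(bshSource)) {
            throw new IllegalStateException("host and bsh must come from different code sources");
        }
        final Policy fallback = Policy.getPolicy();          // the JVM's default policy

        Policy.setPolicy(new Policy() {
            @Override
            public boolean implies(ProtectionDomain domain, Permission permission) {
                CodeSource cs = domain.getCodeSource();
                if (hostSource.equals(cs)) return true;      // embedding application: everything
                if (bshSource.equals(cs)) return false;      // interpreter, and so scripts: nothing
                return fallback.implies(domain, permission); // anything else: default policy
            }
        });
        System.setSecurityManager(new SecurityManager());

        String[] scripts = {
            "data.length()",                                 // uses only what the host handed in
            // The reflection chain quoted in the first post of this thread.
            "this.getClass().getClassLoader().loadClass(\"java.lang.Runtime\")"
                + ".getMethod(\"getRuntime\", null).invoke(null, null)"
                + ".exec(\"/usr/bin/doBadStuff\")"
        };
        for (String script : scripts) {
            try {
                System.out.println("result:   " + interp.eval(script));
            } catch (EvalError | SecurityException e) {
                // A denied permission surfaces as (or wrapped in) a SecurityException.
                System.out.println("rejected: " + e);
            }
        }
    }
}
```

Every permission check walks the call stack, and script code always executes through BeanShell's own classes, so the empty grant for the bsh code source applies to whatever a script reaches by reflection. Classes loaded from the application class path are still handed RuntimePermission("exitVM") by the application class loader regardless of the policy, so loading bsh through a dedicated class loader, as the last reply suggests, is what removes that.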


