Sandbox
Since release 0.5.2, las2peer features a sandbox. The sandbox wraps the code executed on the local node and makes it possible to restrict certain actions.
The las2peer sandbox concept currently consists of two parts: a custom SecurityManager that limits what the whole node's code may do, and a class loader policy that limits what an individual service may do.
First, the sandbox blocks file access to system files and user data. Most files inside the las2peer folder remain readable to the (service) code executed on the local node. Which files may be accessed, and how, is configured in the etc/las2peer.policy file.
If your project doesn’t have a policy file, las2peer will automatically create a copy from the policy file shipped within las2peer’s jar on the first start.
Furthermore, the sandbox can limit network access. This gives the node maintainer the option to decide which ports las2peer may use. In particular, a malicious service cannot take over ports belonging to other system services such as HTTP or IMAP by binding them without permission.
Finally, the security manager performs checks to protect itself: it cannot be replaced at runtime, file access to the policy file at runtime is blocked, and changing the classpath at runtime (e.g., adding further directories) is not allowed.
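To make the self-protection concrete, here is an added illustration of a SecurityManager that refuses to be replaced, hides the policy file and blocks class loader creation. It is example code written for this page, not las2peer's own SecurityManager; which exact permissions las2peer intercepts is not shown on this page, so the three checks (RuntimePermission "setSecurityManager" and "createClassLoader", SecurityPermission "setPolicy", and a FilePermission naming etc/las2peer.policy) are assumptions chosen to match the three protections listed above. Everything the manager does not intercept itself is still decided by the policy file through the default implementation.

```java
import java.io.File;
import java.io.FilePermission;
import java.io.FileReader;
import java.io.IOException;
import java.security.Permission;
import java.security.SecurityPermission;

// Added example (not las2peer code): a SecurityManager with the three
// self-protection checks described on this page.
public class SelfProtectingSecurityManager extends SecurityManager {

    // Assumed location of the policy file: etc/las2peer.policy below the working
    // directory. Both spellings are computed in the constructor, i.e. before the
    // manager is installed, so no permission check runs while we build them.
    private final String policyRelative = "etc" + File.separator + "las2peer.policy";
    private final String policyAbsolute = new File(policyRelative).getAbsolutePath();

    @Override
    public void checkPermission(Permission perm) {
        String name = perm.getName();

        if (perm instanceof RuntimePermission) {
            // 1. The manager must not be swapped out (System.setSecurityManager).
            if (name.equals("setSecurityManager")) {
                throw new SecurityException("sandbox: replacing the security manager is not allowed");
            }
            // 3. New class loaders are the usual way to add directories to the
            //    classpath at runtime; blocking them blocks that as well.
            if (name.equals("createClassLoader")) {
                throw new SecurityException("sandbox: creating class loaders is not allowed at runtime");
            }
        }
        // The policy object itself must not be replaced either (Policy.setPolicy).
        if (perm instanceof SecurityPermission && name.equals("setPolicy")) {
            throw new SecurityException("sandbox: replacing the policy is not allowed at runtime");
        }
        // 2. No read, write or delete of the policy file, whatever the policy grants.
        if (perm instanceof FilePermission
                && (name.equals(policyRelative) || name.equals(policyAbsolute))) {
            throw new SecurityException("sandbox: access to " + policyRelative + " is blocked");
        }

        // Everything else is decided by the policy file (default implementation).
        super.checkPermission(perm);
    }

    // Small self-check: both attacks below are refused once the manager is installed.
    public static void main(String[] args) {
        System.setSecurityManager(new SelfProtectingSecurityManager());

        try {
            System.setSecurityManager(null);   // a service trying to switch the sandbox off
            System.out.println("UNEXPECTED: security manager was replaced");
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }

        try {
            new FileReader("etc/las2peer.policy").close();   // a service reading the policy
            System.out.println("UNEXPECTED: policy file was readable");
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        } catch (IOException e) {
            System.out.println("UNEXPECTED: the read was attempted: " + e);
        }
    }
}
```

Run it with `java SelfProtectingSecurityManager` from the las2peer folder. It works unchanged on Java 8 to 17; from Java 18 on, installing a SecurityManager at runtime requires starting the JVM with `-Djava.security.manager=allow`, and Java 24 removes support for the SecurityManager entirely, which is the main caveat for this whole sandbox design on newer JDKs. Note that the file check compares path strings only; a production manager would also have to catch alternative spellings of the same path (symlinks, `..` segments), which requires canonicalisation and therefore its own privileged block.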
las2peer loads each service using a separate class loader. Services cannot access other services. Additionally, when the sandbox is enabled, access to classes outside the service package is limited to the API package, the RESTMapper (and the dependencies it needs) and some JDK classes. The service may not:
- access sensitive information on or about the node
- create threads, access information about the JVM or start processes
- ...
To simplify development, we decided to disable the sandbox by default. Nevertheless, we strongly recommend activating the sandbox for permanent deployments. To enable the sandbox, adapt the policy file (see below) and use the JUnit test in src/test/java/i5/las2peer/security/SandboxTest.java to check it. If you experience issues while using the sandbox, please take a look at the log file and console output for blocked permissions.
- If you are using a las2peer version prior to 0.7, or upgraded from a version prior to las2peer 0.7:
To enable the sandbox, comment out the following lines at the top of the etc/las2peer.policy file. As long as this grant is present, every class receives AllPermission and the more specific grants further down in the file have no effect.
```
grant {
permission java.security.AllPermission;
};
```
- If you are using las2peer 0.7:
Start the node with the --sandbox parameter, see node launcher.
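As an added illustration of what the remaining policy can look like once the blanket AllPermission grant is gone, the fragment below grants a node read access to its own folder, a small writable working area and one listening port. It is not the policy file shipped with las2peer: the codeBase, the node-storage directory, the port number 9011 and the property names are assumptions for a single node started from its las2peer folder, to be replaced by the values of your deployment.

```text
// Added example, not las2peer's shipped etc/las2peer.policy.
// ${user.dir} is expanded by the policy parser to the folder the node was started from.
grant codeBase "file:${user.dir}/-" {
    // Read-only access to the node's own folder; system files and user data outside
    // of it are not mentioned and therefore stay inaccessible.
    permission java.io.FilePermission "${user.dir}${/}-", "read";

    // One dedicated subdirectory (assumed name) for data the node has to write.
    permission java.io.FilePermission "${user.dir}${/}node-storage${/}-", "read,write,delete";

    // Exactly one local port for las2peer (assumed 9011); binding 80, 143 or any other
    // port is refused, so a service cannot squat on HTTP or IMAP.
    permission java.net.SocketPermission "localhost:9011", "listen,resolve";
    // Accept peers on and connect to unprivileged remote ports only.
    permission java.net.SocketPermission "*:1024-", "accept,connect,resolve";

    // Properties the node needs; nothing that leaks user data.
    permission java.util.PropertyPermission "user.dir", "read";
    permission java.util.PropertyPermission "java.io.tmpdir", "read";
};
```

The read grant on `${user.dir}${/}-` does cover etc/las2peer.policy itself; that file is nevertheless off limits at runtime because the security manager blocks it independently of the policy, as described above. After editing the file, run SandboxTest and watch the console for "access denied" messages, which name the missing permission verbatim and can be pasted into the grant block.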