760 2013-06-21 05:04:29 +0200 Security: Constrain access to native function handles and their retrieval. 2013-06-22 07:19:06 +0200 1 1 3 JogAmp Gluegen core 2 All all RESOLVED FIXED P1 critical --- 0 sgothel sgothel --- gluegen 23341a2df2d2ea36784a16fa1db8bc7385351a12 gluegen 2d8e25398e929f553c4524e9c57f083d90ba4e08 gluegen 8cabcd2de8b46c42dffcaaf46ccc2dc4d092ebba gluegen f69831574d4927d03d40c330d0b047d8c89622a4 gluegen eb842815498f5926828b49c48fffce22fc9586a2 gluegen f55074132e0369cb09a6fc4bda69ab936bd820fa gluegen b375bf84b56b391aa014154de2e7129de9af909a gluegen a7545f4fda73c215cff0da7256417bc1d1bd450b jogl 889ba9488ca07b59fdcc378642a2dc20676d69a3 jogl 7ae47a845c625b9677b5879831d87a14d8e57311 --- oldest_to_newest 2695 0 sgothel 2013-06-21 05:04:29 +0200 [1] - Don't allow retrieval of native function handles by a non permitted java class. - Opening a native library requires a security check - Lookup on native library requires validation whether the native library handles was opened! - Close on native library requires validation whether the native library handles was opened! - .. hence open/close shall be tracked in regards to ref-count .. - Global Lookup requires security check checkAllLinkPermission() [2] - Don't leak native function handles by a non permitted java class. - Generated fields for the handles shall not be public - Native code consuming the handles shall not be public - Any method exposing the handles, shall perform a security check This shall also disable a fuzzy brute-force attempt (as we have lately seen w/ JOAL). I.e. either the methods are no more accessible or the library handles ae checked, or the actual caller does have required permissions. 2696 1 sgothel 2013-06-21 05:06:41 +0200 all changes applied as described .. see commits.