| Summary: | Security: Constrain access to native function handles and their retrieval. | ||
|---|---|---|---|
| Product: | [JogAmp] Gluegen | Reporter: | Sven Gothel <sgothel> |
| Component: | core | Assignee: | Sven Gothel <sgothel> |
| Status: | RESOLVED FIXED | ||
| Severity: | critical | ||
| Priority: | P1 | ||
| Version: | 2 | ||
| Hardware: | All | ||
| OS: | all | ||
| Type: | --- | SCM Refs: |
gluegen 23341a2df2d2ea36784a16fa1db8bc7385351a12
gluegen 2d8e25398e929f553c4524e9c57f083d90ba4e08
gluegen 8cabcd2de8b46c42dffcaaf46ccc2dc4d092ebba
gluegen f69831574d4927d03d40c330d0b047d8c89622a4
gluegen eb842815498f5926828b49c48fffce22fc9586a2
gluegen f55074132e0369cb09a6fc4bda69ab936bd820fa
gluegen b375bf84b56b391aa014154de2e7129de9af909a
gluegen a7545f4fda73c215cff0da7256417bc1d1bd450b
jogl 889ba9488ca07b59fdcc378642a2dc20676d69a3
jogl 7ae47a845c625b9677b5879831d87a14d8e57311
|
| Workaround: | --- | ||
all changes applied as described .. see commits. |
[1]
- Don't allow retrieval of native function handles by a non permitted java class.
- Opening a native library requires a security check
- Lookup on native library requires validation whether the native library handle was opened!
- Close on native library requires validation whether the native library handle was opened!
- .. hence open/close shall be tracked in regards to ref-count ..
- Global Lookup requires security check checkAllLinkPermission()

[2]
- Don't leak native function handles by a non permitted java class.
- Generated fields for the handles shall not be public
- Native code consuming the handles shall not be public
- Any method exposing the handles, shall perform a security check

This shall also disable a fuzzy brute-force attempt (as we have lately seen w/ JOAL). I.e. either the methods are no more accessible or the library handles are checked, or the actual caller does have required permissions.
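
A sketch of the ref-counted handle tracking that item [1] asks for, as an added example that is not Gluegen's code and is not taken from the referenced commits. The names `TrackedLibraries` and `NativeLinker`, the handle values, and the choice of `SecurityException` for an untracked handle are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

public final class TrackedLibraries {
    /** Hypothetical stand-in for the non-public native open/lookup/close layer. */
    interface NativeLinker {
        long open(String path);
        long lookup(long lib, String symbol);
        void close(long lib);
    }

    private final NativeLinker linker;                            // never handed to callers
    private final Map<Long, Integer> refCounts = new HashMap<>(); // handle -> open count

    TrackedLibraries(NativeLinker linker) { this.linker = linker; }

    @SuppressWarnings("removal")
    synchronized long open(String path) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) sm.checkLink(path);        // security check before opening
        long h = linker.open(path);
        if (h != 0) refCounts.merge(h, 1, Integer::sum);
        return h;
    }

    synchronized long lookup(long lib, String symbol) {
        requireOpened(lib);                        // guessed or stale handles stop here
        return linker.lookup(lib, symbol);
    }

    synchronized void close(long lib) {
        requireOpened(lib);
        refCounts.computeIfPresent(lib, (k, n) -> n > 1 ? n - 1 : null); // drop entry at zero
        linker.close(lib);
    }

    private void requireOpened(long lib) {
        if (!refCounts.containsKey(lib))
            throw new SecurityException("handle 0x" + Long.toHexString(lib) + " was not opened here");
    }

    public static void main(String[] args) {
        // Constructed fake linker: every open returns 0x1000, every symbol resolves to 0x2000.
        TrackedLibraries libs = new TrackedLibraries(new NativeLinker() {
            public long open(String p) { return 0x1000L; }
            public long lookup(long lib, String s) { return 0x2000L; }
            public void close(long lib) { }
        });
        long h = libs.open("libdemo.so");
        System.out.println("symbol at 0x" + Long.toHexString(libs.lookup(h, "demoFunc")));
        libs.close(h);
        for (long guess : new long[] { h, 0x1234L }) {   // closed handle, then an arbitrary value
            try { libs.lookup(guess, "demoFunc"); }
            catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```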