Bug 760 - Security: Constrain access to native function handles and their retrieval.
Status: RESOLVED FIXED
Alias: None
Product: Gluegen
Classification: JogAmp
Component: core
Version: 2
Hardware: All all
Importance: P1 critical
Assignee: Sven Gothel
URL:
Depends on:
Blocks:
 
Reported: 2013-06-21 05:04 CEST by Sven Gothel
Modified: 2013-06-22 07:19 CEST

See Also:
Type: ---
SCM Refs:
gluegen 23341a2df2d2ea36784a16fa1db8bc7385351a12 gluegen 2d8e25398e929f553c4524e9c57f083d90ba4e08 gluegen 8cabcd2de8b46c42dffcaaf46ccc2dc4d092ebba gluegen f69831574d4927d03d40c330d0b047d8c89622a4 gluegen eb842815498f5926828b49c48fffce22fc9586a2 gluegen f55074132e0369cb09a6fc4bda69ab936bd820fa gluegen b375bf84b56b391aa014154de2e7129de9af909a gluegen a7545f4fda73c215cff0da7256417bc1d1bd450b jogl 889ba9488ca07b59fdcc378642a2dc20676d69a3 jogl 7ae47a845c625b9677b5879831d87a14d8e57311
Workaround: ---


Description Sven Gothel 2013-06-21 05:04:29 CEST
[1] - Don't allow retrieval of native function handles by a non-permitted Java class.
  - Opening a native library requires a security check
  - Lookup on native library requires validation whether the native library handle
    was opened!
  - Close on native library requires validation whether the native library handle
    was opened!
  - .. hence open/close shall be tracked in regards to ref-count ..
  - Global Lookup requires security check checkAllLinkPermission()

[2] - Don't leak native function handles by a non-permitted Java class.
  - Generated fields for the handles shall not be public
  - Native code consuming the handles shall not be public
  - Any method exposing the handles shall perform a security check

This shall also disable a fuzzy brute-force attempt (as we have lately seen w/ JOAL).
I.e. either the methods are no longer accessible or the library handles are checked,
or the actual caller does have required permissions.
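
A sketch of the checks listed under [1], added here as an illustration and not taken from the GlueGen commits: handles are ref-counted on open, and lookup and close reject any handle that was not opened through the guard. The class `GuardedLinker`, its `Native` interface and the mapping of the all-link check to `loadLibrary.*` are assumptions made for this example.

```java
import java.util.HashMap;
import java.util.Map;
// Hypothetical guard, not GlueGen code: tracks opened library handles and checks callers.
public final class GuardedLinker {
    // Assumed stand-in for the native dlopen/dlsym/dlclose layer.
    public interface Native {
        long open(String path);
        long lookup(long lib, String symbol);
        long lookupGlobal(String symbol);
        void close(long lib);
    }
    private final Native nat;
    private final Map<Long, Integer> refCounts = new HashMap<>(); // handle -> open count

    public GuardedLinker(Native nat) { this.nat = nat; }

    // SecurityManager is deprecated in current JDKs; it was the Java mechanism in 2013.
    private static void checkLink(String lib) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) sm.checkLink(lib); // RuntimePermission("loadLibrary." + lib)
    }

    public synchronized long open(String path) {
        checkLink(path);                    // opening requires a security check
        long h = nat.open(path);
        if (h != 0) refCounts.merge(h, 1, Integer::sum);
        return h;
    }

    public synchronized long lookup(long lib, String symbol) {
        requireOpened(lib);                 // a guessed or stale handle is rejected
        return nat.lookup(lib, symbol);
    }

    public long lookupGlobal(String symbol) {
        checkLink("*");                     // assumed form of the all-link permission
        return nat.lookupGlobal(symbol);
    }

    public synchronized void close(long lib) {
        requireOpened(lib);                 // cannot close what was never opened here
        if (refCounts.merge(lib, -1, Integer::sum) == 0) refCounts.remove(lib);
        nat.close(lib);
    }

    private void requireOpened(long lib) {
        if (!refCounts.containsKey(lib))
            throw new SecurityException("library handle not opened: 0x" + Long.toHexString(lib));
    }
}
```

Because every successful open increments the count and every close decrements it, a handle stays valid for lookup only while at least one open is outstanding, which is what blocks brute-forced handle values.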
Comment 1 Sven Gothel 2013-06-21 05:06:41 CEST
all changes applied as described .. see commits.