Project

General

Profile

Bug #12450

JS sandbox permission must be defined in a file

Added by François ARMAND about 2 years ago. Updated almost 2 years ago.

Status:
Released
Priority:
N/A
Category:
Security
Target version:
Severity:
User visibility:
Effort required:
Priority:
0

Description

As seen in #12447, #12448 and other, we need to be able to easely update required permission for the JS sandbox because they change massively between each (minof) jvm release.

For that, we need to defined our "java.policy" file and use it - but only for the javascript vm. There is hint about how to do that here: https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html and more particulary https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html#DefaultLocs

But it seems that just setting "java.security.policy=someURL SomeApp" system property will affect all Rudder, which is not what we want.

Need some tests.


Related issues

Related to Rudder - Bug #12448: Failed generation with "Could not initialize class javax.crypto.JceSecurity"ReleasedVincent MEMBRÉActions
Related to Rudder - Bug #12548: Java 9 / Java 10 compatibility: security exception for JS VMReleasedVincent MEMBRÉActions
#1

Updated by François ARMAND about 2 years ago

  • Related to Bug #12448: Failed generation with "Could not initialize class javax.crypto.JceSecurity" added
#2

Updated by Vincent MEMBRÉ about 2 years ago

  • Target version changed from 4.1.11 to 4.1.12
#3

Updated by François ARMAND about 2 years ago

  • Status changed from New to In progress
#4

Updated by François ARMAND about 2 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/1921
#5

Updated by François ARMAND about 2 years ago

  • Related to Bug #12548: Java 9 / Java 10 compatibility: security exception for JS VM added
#6

Updated by François ARMAND about 2 years ago

  • Target version changed from 4.1.12 to 4.3.2

I'm retargeting that one to 4.3 because I'm not really at ease with the span of the change for 4.1.

#7

Updated by Vincent MEMBRÉ about 2 years ago

  • Target version changed from 4.3.2 to 410
#8

Updated by Benoît PECCATTE about 2 years ago

  • Target version changed from 410 to 4.3.2
#9

Updated by François ARMAND almost 2 years ago

  • Status changed from Pending technical review to Pending release
#10

Updated by Vincent MEMBRÉ almost 2 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.3.2 which was released today.

Also available in: Atom PDF