Project

General

Profile

Bug #12450

JS sandbox permission must be defined in a file

Added by François ARMAND almost 2 years ago. Updated over 1 year ago.

Status:
Released
Priority:
N/A
Category:
Security
Target version:
Severity:
User visibility:
Effort required:
Priority:
0

Description

As seen in #12447, #12448 and other, we need to be able to easely update required permission for the JS sandbox because they change massively between each (minof) jvm release.

For that, we need to defined our "java.policy" file and use it - but only for the javascript vm. There is hint about how to do that here: https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html and more particulary https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html#DefaultLocs

But it seems that just setting "java.security.policy=someURL SomeApp" system property will affect all Rudder, which is not what we want.

Need some tests.


Related issues

Related to Rudder - Bug #12448: Failed generation with "Could not initialize class javax.crypto.JceSecurity"ReleasedActions
Related to Rudder - Bug #12548: Java 9 / Java 10 compatibility: security exception for JS VMReleasedActions

Associated revisions

Revision 9470adf6 (diff)
Added by François ARMAND over 1 year ago

Fixes #12450: JS sandbox permission must be defined in a file

History

#1

Updated by François ARMAND almost 2 years ago

  • Related to Bug #12448: Failed generation with "Could not initialize class javax.crypto.JceSecurity" added
#2

Updated by Vincent MEMBRÉ almost 2 years ago

  • Target version changed from 4.1.11 to 4.1.12
#3

Updated by François ARMAND almost 2 years ago

  • Status changed from New to In progress
#4

Updated by François ARMAND almost 2 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/1921
#5

Updated by François ARMAND almost 2 years ago

  • Related to Bug #12548: Java 9 / Java 10 compatibility: security exception for JS VM added
#6

Updated by François ARMAND almost 2 years ago

  • Target version changed from 4.1.12 to 4.3.2

I'm retargeting that one to 4.3 because I'm not really at ease with the span of the change for 4.1.

#7

Updated by Vincent MEMBRÉ almost 2 years ago

  • Target version changed from 4.3.2 to 410
#8

Updated by Benoît PECCATTE over 1 year ago

  • Target version changed from 410 to 4.3.2
#9

Updated by François ARMAND over 1 year ago

  • Status changed from Pending technical review to Pending release
#10

Updated by Vincent MEMBRÉ over 1 year ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.3.2 which was released today.

Also available in: Atom PDF