Project

General

Profile

Bug #12450

JS sandbox permission must be defined in a file

Added by François ARMAND 8 months ago. Updated 6 months ago.

Status:
Released
Priority:
N/A
Category:
Security
Target version:
Severity:
User visibility:
Effort required:
Priority:
0

Description

As seen in #12447, #12448 and other, we need to be able to easely update required permission for the JS sandbox because they change massively between each (minof) jvm release.

For that, we need to defined our "java.policy" file and use it - but only for the javascript vm. There is hint about how to do that here: https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html and more particulary https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html#DefaultLocs

But it seems that just setting "java.security.policy=someURL SomeApp" system property will affect all Rudder, which is not what we want.

Need some tests.


Related issues

Related to Rudder - Bug #12448: Failed generation with "Could not initialize class javax.crypto.JceSecurity"Released
Related to Rudder - Bug #12548: Java 9 / Java 10 compatibility: security exception for JS VMReleased

Associated revisions

Revision 9470adf6 (diff)
Added by François ARMAND 7 months ago

Fixes #12450: JS sandbox permission must be defined in a file

History

#1 Updated by François ARMAND 8 months ago

  • Related to Bug #12448: Failed generation with "Could not initialize class javax.crypto.JceSecurity" added

#2 Updated by Vincent MEMBRÉ 8 months ago

  • Target version changed from 4.1.11 to 4.1.12

#3 Updated by François ARMAND 8 months ago

  • Status changed from New to In progress

#4 Updated by François ARMAND 8 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/1921

#5 Updated by François ARMAND 8 months ago

  • Related to Bug #12548: Java 9 / Java 10 compatibility: security exception for JS VM added

#6 Updated by François ARMAND 8 months ago

  • Target version changed from 4.1.12 to 4.3.2

I'm retargeting that one to 4.3 because I'm not really at ease with the span of the change for 4.1.

#7 Updated by Vincent MEMBRÉ 7 months ago

  • Target version changed from 4.3.2 to 410

#8 Updated by Benoît PECCATTE 7 months ago

  • Target version changed from 410 to 4.3.2

#9 Updated by François ARMAND 7 months ago

  • Status changed from Pending technical review to Pending release

#10 Updated by Vincent MEMBRÉ 6 months ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.3.2 which was released today.

Also available in: Atom PDF