Project

General

Profile

Actions

Bug #12450

closed

JS sandbox permission must be defined in a file

Added by François ARMAND over 6 years ago. Updated over 6 years ago.

Status:
Released
Priority:
N/A
Category:
Security
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
Fix check:
Regression:

Description

As seen in #12447, #12448 and other, we need to be able to easely update required permission for the JS sandbox because they change massively between each (minof) jvm release.

For that, we need to defined our "java.policy" file and use it - but only for the javascript vm. There is hint about how to do that here: https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html and more particulary https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html#DefaultLocs

But it seems that just setting "java.security.policy=someURL SomeApp" system property will affect all Rudder, which is not what we want.

Need some tests.


Related issues 2 (0 open2 closed)

Related to Rudder - Bug #12448: Failed generation with "Could not initialize class javax.crypto.JceSecurity"ReleasedVincent MEMBRÉActions
Related to Rudder - Bug #12548: Java 9 / Java 10 compatibility: security exception for JS VMReleasedVincent MEMBRÉActions
Actions #1

Updated by François ARMAND over 6 years ago

  • Related to Bug #12448: Failed generation with "Could not initialize class javax.crypto.JceSecurity" added
Actions #2

Updated by Vincent MEMBRÉ over 6 years ago

  • Target version changed from 4.1.11 to 4.1.12
Actions #3

Updated by François ARMAND over 6 years ago

  • Status changed from New to In progress
Actions #4

Updated by François ARMAND over 6 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/1921
Actions #5

Updated by François ARMAND over 6 years ago

  • Related to Bug #12548: Java 9 / Java 10 compatibility: security exception for JS VM added
Actions #6

Updated by François ARMAND over 6 years ago

  • Target version changed from 4.1.12 to 4.3.2

I'm retargeting that one to 4.3 because I'm not really at ease with the span of the change for 4.1.

Actions #7

Updated by Vincent MEMBRÉ over 6 years ago

  • Target version changed from 4.3.2 to 410
Actions #8

Updated by Benoît PECCATTE over 6 years ago

  • Target version changed from 410 to 4.3.2
Actions #9

Updated by François ARMAND over 6 years ago

  • Status changed from Pending technical review to Pending release
Actions #10

Updated by Vincent MEMBRÉ over 6 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.3.2 which was released today.

Actions

Also available in: Atom PDF