Project

General

Profile

Actions
Copy link

Bug #12450

closed

JS sandbox permission must be defined in a file

Added by François ARMAND over 6 years ago. Updated over 6 years ago.

Status:
Released
Priority:
N/A
Assignee:
Vincent MEMBRÉ
Category:
Security
Target version:
4.3.2
Pull Request:
https://github.com/Normation/rudder/p...
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
Fix check:
Regression:

Description

As seen in #12447, #12448 and other, we need to be able to easely update required permission for the JS sandbox because they change massively between each (minof) jvm release.

For that, we need to defined our "java.policy" file and use it - but only for the javascript vm. There is hint about how to do that here: https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html and more particulary https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html#DefaultLocs

But it seems that just setting "java.security.policy=someURL SomeApp" system property will affect all Rudder, which is not what we want.

Need some tests.

Related issues 2 (0 open2 closed)

Related to Rudder - Bug #12448: Failed generation with "Could not initialize class javax.crypto.JceSecurity"ReleasedVincent MEMBRÉActions
Related to Rudder - Bug #12548: Java 9 / Java 10 compatibility: security exception for JS VMReleasedVincent MEMBRÉActions
Actions
Copy link

Also available in: Atom PDF