river-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michal Kleczek (JIRA)" <j...@apache.org>
Subject [jira] Updated: (RIVER-362) Denial of Service during unmarshalling of smart proxy's
Date Tue, 19 Oct 2010 11:05:27 GMT

     [ https://issues.apache.org/jira/browse/RIVER-362?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Michal Kleczek updated RIVER-362:
---------------------------------

    Attachment: river-modules.zip

I've managed to create a prototype implementation of the idea of annotating 
classes with Modules.
Working on this allowed me to learn quite a lot about inner workings of River 
- the original implementation that I've presented before had to be modified 
(not saying it had to be fixed :) ) but the main idea stayed the same. This 
time I think it really covers more use cases.

Shortly:
1. We allow annotating classes with Modules. A Module is an object responsible 
for loading classes.
2. There is a new RMIClassLoaderSpi implementation which I called 
ModuleClassProvider
3. ModuleClassProvider manages installed Modules
4. It also can load classes based on String annotations which are expected to 
be either
a) serialized and Base64 encoded Module - the Module is deserialized and 
handled as any other Module annotation
b) an old style list of URLs - class loading is delegated to 
RequireDlPermProvider - in other words we either load classes from Modules 
(which are verified for trust before use) or from URLs but then we require 
appropriate DownloadPermissions

Attached is a multi-module maven project. The modules are:
1. secure-marshall-stream (which is the implementation of all this + some not 
yet finished additional code)
2. jsk-module-platform which contains modified Jini classes so that it all 
works with existing Jini services (to be honest only ClassLoading really 
needed to change. MarshalInputStream/MarshalOutputStream/MarshalledInstance 
are changed only to avoid having serialized and Base64 encoded Modules as 
annotations

To run it you need to put jsk-module-platform before jsk-platform on the 
classpath (and of course add secure-marshall-stream as well)

Existing services can be exported with a ModuleExporter:

    private serviceILFactory =
        new ProxyTrustILFactory(serviceConstraints,
                                RegistrarPermission.class);
    private moduleTrustILFactory =
        new ModuleTrustILFactory(serviceConstraints,
                                null);

    serverExporter = new ModuleExporter(new BasicJeriExporter(serviceEndpoint, 
serviceILFactory), new BasicJeriExporter(serviceEndpoint, 
moduleTrustILFactory));

> Denial of Service during unmarshalling of smart proxy's
> -------------------------------------------------------
>
>                 Key: RIVER-362
>                 URL: https://issues.apache.org/jira/browse/RIVER-362
>             Project: River
>          Issue Type: Bug
>         Environment: Untrusted networks
>            Reporter: Peter Firmstone
>         Attachments: river-modules.zip
>
>
> During unmarshalling of smart proxy's there's a period before the proxy has been verified
(authenticated) where deserialization methods are executed on untrusted code, the potential
exists for untrusted code to perform denial of service.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message