river-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michal Kleczek (JIRA)" <j...@apache.org>
Subject [jira] Updated: (RIVER-362) Denial of Service during unmarshalling of smart proxy's
Date Tue, 19 Oct 2010 11:05:27 GMT

     [ https://issues.apache.org/jira/browse/RIVER-362?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Michal Kleczek updated RIVER-362:

    Attachment: river-modules.zip

I've managed to create a prototype implementation of the idea of annotating 
classes with Modules.
Working on this allowed me to learn quite a lot about inner workings of River 
- the original implementation that I've presented before had to be modified 
(not saying it had to be fixed :) ) but the main idea stayed the same. This 
time I think it really covers more use cases.

1. We allow annotating classes with Modules. A Module is an object responsible 
for loading classes.
2. There is a new RMIClassLoaderSpi implementation which I called 
3. ModuleClassProvider manages installed Modules
4. It also can load classes based on String annotations which are expected to 
be either
a) serialized and Base64 encoded Module - the Module is deserialized and 
handled as any other Module annotation
b) an old style list of URLs - class loading is delegated to 
RequireDlPermProvider - in other words we either load classes from Modules 
(which are verified for trust before use) or from URLs but then we require 
appropriate DownloadPermissions

Attached is a multi-module maven project. The modules are:
1. secure-marshall-stream (which is the implementation of all this + some not 
yet finished additional code)
2. jsk-module-platform which contains modified Jini classes so that it all 
works with existing Jini services (to be honest only ClassLoading really 
needed to change. MarshalInputStream/MarshalOutputStream/MarshalledInstance 
are changed only to avoid having serialized and Base64 encoded Modules as 

To run it you need to put jsk-module-platform before jsk-platform on the 
classpath (and of course add secure-marshall-stream as well)

Existing services can be exported with a ModuleExporter:

    private serviceILFactory =
        new ProxyTrustILFactory(serviceConstraints,
    private moduleTrustILFactory =
        new ModuleTrustILFactory(serviceConstraints,

    serverExporter = new ModuleExporter(new BasicJeriExporter(serviceEndpoint, 
serviceILFactory), new BasicJeriExporter(serviceEndpoint, 

> Denial of Service during unmarshalling of smart proxy's
> -------------------------------------------------------
>                 Key: RIVER-362
>                 URL: https://issues.apache.org/jira/browse/RIVER-362
>             Project: River
>          Issue Type: Bug
>         Environment: Untrusted networks
>            Reporter: Peter Firmstone
>         Attachments: river-modules.zip
> During unmarshalling of smart proxy's there's a period before the proxy has been verified
(authenticated) where deserialization methods are executed on untrusted code, the potential
exists for untrusted code to perform denial of service.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message