限制Java只执行签名的jar? [英] Restrict java to only execute signed jars?

问题描述

可以使用JDK jarsigner工具对Java jar进行签名.结合policytool来看，这似乎仅允许您在jar运行时为其添加特权.我想要一个默认的撤消访问权限以运行".是否有可能使Java列入白名单，从而只允许运行已由一组特定证书签名的jar文件?

Java jars can be signed with the JDK jarsigner tool. This, in conjuction with the policytool, appears to only allow you to add privileges to the jar when it is run. I would like a default "Revoke access to run." Is it possible to make java do white-listing in such a way that only jar files that have been signed by a certain set of certificates are allowed to run at all?

推荐答案

据我了解，这是您可以控制的计算机.使用

As I understand, this is on your computer you can control. Use

 java -Djava.security.manager YourApplication

启动应用程序时.这将安装默认的安全管理器，该管理器可以通过策略进行配置文件.策略文件允许按行配置每个签名者或每个代码库的权限

when starting the application. This installs the default security manager that can be configured through policy files. Policy files allow to configure permissions per signer or per code base along the lines

  grant signedBy "me" {
      permission java.io.FilePermission "/home/me/*", "read,write";
  };

在各种可能的权限之间，我目前看不到完全运行"的权限，但是看来您可以完全禁用网络访问和文件系统访问.

Between various possible permissions, I currently do not see a permission to "run at all" but it seems you can completely disable both networking and filesystem access.

如果您有可能运行自己的外部决策者应用程序(启动还是不启动)，则可以将代码中的签名验证为

If you have possibility to run your own external application that is a decision maker (to launch or not to launch), you can verify the signature from your code as already discussed.

此外，您还可以使用-verify开关围绕jarsigner编写包装器，如

Also, you can write a wrapper around jarsigner with the -verify switch, as documented here:

jarsigner -verify -keystore mystore hackerApplication.jar 

并使用类似于bash的包装器捕获输出中的"smk".

and capture the "smk" in the output, using some bash-like wrapper.

这篇关于限制Java只执行签名的jar?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！