Security Concerns with Runtime.exec()

Question

I am using Runtime.exec() to run an executable file. I have been researching and found out that there could be security concerns when using this in an application. Are there any security concerns when using Runtime.exec() to run an executable file?

Recommended answer

The biggest one I can think of is Command Injection. You want to whitelist what gets run so someone can't run "rm /" via your Runtime.exec. There are more ways for this to happen than you might think. For example, what if a "directory" name is passed in as "foo; rm -r ; ls".

Another one - if this is a web application - is that the permissions for the application (and therefore your Runtime.exec() command line) aren't the same as what the person hitting the web page has. Which means the person could delete your Tomcat or insert data into a database or ...
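
An added example, not part of the answer above or of any project's code: one way to apply the allowlist advice in Java on a Unix-like host, without handing user input to a shell. The class name `SafeListing`, the name pattern, the temporary base directory and the `/bin/ls` path are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;
import java.util.regex.Pattern;

public class SafeListing {
    // Assumed policy: one path segment of letters, digits, '.', '_' and '-'.
    private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    // Vulnerable shape, shown for contrast only and never executed here:
    //   Runtime.getRuntime().exec(new String[] {"sh", "-c", "ls " + name});
    // The shell would treat ';' inside name as a command separator.

    static List<String> buildCommand(Path base, String name) {
        if (name == null || !SAFE_NAME.matcher(name).matches()
                || name.equals(".") || name.equals("..")) {
            throw new IllegalArgumentException("rejected directory name");
        }
        Path target = base.resolve(name).normalize();
        if (!target.startsWith(base)) {
            throw new IllegalArgumentException("path escapes base directory");
        }
        // Fixed program, one argument per list element, no shell involved.
        // "--" ends option parsing, so a name starting with '-' is not read as a flag.
        return List.of("/bin/ls", "--", target.toString());
    }

    public static void main(String[] args) throws IOException, InterruptedException {
        Path base = Files.createTempDirectory("exec-demo").toRealPath();
        Files.createDirectory(base.resolve("foo"));
        // Constructed inputs; the second is the directory name quoted in the answer.
        for (String name : new String[] {"foo", "foo; rm -r ; ls"}) {
            try {
                List<String> cmd = buildCommand(base, name);
                Process p = new ProcessBuilder(cmd).inheritIO().start();
                System.out.println(cmd + " -> exit " + p.waitFor());
            } catch (IllegalArgumentException e) {
                System.out.println("\"" + name + "\" -> " + e.getMessage());
            }
        }
    }
}
```

`Runtime.exec(String)` does not start a shell itself; it splits the string on whitespace, so concatenated input can still add or alter arguments even when no `sh -c` is involved. Passing an explicit argument list, as above, keeps each value in its own argument.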
