What are the security risks I should guard against when running user-supplied Java code?


Question

Is there a comprehensive list of the security issues with running user-supplied Java code on a server? I'm already

  • using timeouts of 10 seconds
  • running code in a separate process with limited available memory
  • using SecurityManager to prevent File and Network IO
  • running code under an account with extremely limited filesystem permissions

I'm running this on a FreeBSD server if that matters.

Recommended answer

Looks like a very good start - Security Manager is essential for sandboxing a whole bunch of other stuff you don't mention explicitly (like preventing the user from disabling the Security Manager, of course, and being able to invoke arbitrary commands, or use native code, or get the OS to exec files etc). I assume you are starting from zero permissions and just granting the explicit permissions needed.

Security Manager can't deal with denial-of-service through excessive resource usage, but your other controls probably address this (prevent network connections, control disk usage, timeouts to prevent CPU hogging - if that's what you meant by timeouts).

You say "extremely limited filesystem permissions" - hopefully this also includes disk quota? Are you running multiple untrusted processes, and do they share disk space? Running out of file handles might be an issue (not sure how these are managed for a limited account).

There are still occasional JVM vulnerabilities, so the risk depends on what else is on the server, and what the consequences of a problem actually are (how bad is it if you have to wipe the server?).

See also: Sandbox against malicious code in a Java application; Executing external Java source code on a server - limiting security and resources?
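As an added example (not code from the question or the answer above), here is one way to combine the question's four controls and the answer's "start from zero permissions" advice: the user's pre-compiled classes run in a child JVM with a SecurityManager whose policy grants nothing, a heap cap, and a 10 second kill timeout. It assumes a JDK that still ships the SecurityManager (it was permanently disabled in JDK 24); userClassesDir and mainClass are placeholder inputs.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;
import java.util.concurrent.TimeUnit;

// Runs pre-compiled user classes in a separate JVM with a SecurityManager whose policy
// grants nothing, a heap cap, and a wall-clock timeout after which the child is killed.
// userClassesDir and mainClass are hypothetical inputs chosen for this example.
public class SandboxLauncher {
    // Empty grant block: user code starts with zero permissions. Add explicit grants
    // here only for what it genuinely needs (e.g. read access to one input directory).
    private static final String EMPTY_POLICY = "grant {\n};\n";
    public static final int TIMED_OUT = -1;

    public static int run(Path userClassesDir, String mainClass, long timeoutSeconds)
            throws IOException, InterruptedException {
        Path policy = Files.createTempFile("sandbox", ".policy");
        Files.write(policy, EMPTY_POLICY.getBytes(StandardCharsets.UTF_8));
        try {
            String javaBin = Path.of(System.getProperty("java.home"), "bin", "java").toString();
            List<String> cmd = List.of(
                    javaBin,
                    "-Xmx64m",                            // cap the heap available to user code
                    "-Xss512k",                           // cap per-thread stack size
                    "-XX:+DisableAttachMechanism",        // no agent attach from outside the JVM
                    "-Djava.security.manager",            // install the default SecurityManager
                    "-Djava.security.policy==" + policy,  // "==" replaces (not extends) the default policy
                    "-cp", userClassesDir.toString(),
                    mainClass);
            Process p = new ProcessBuilder(cmd)
                    .redirectErrorStream(true)
                    .redirectOutput(ProcessBuilder.Redirect.INHERIT)
                    .start();
            if (!p.waitFor(timeoutSeconds, TimeUnit.SECONDS)) {
                p.destroyForcibly();   // SIGKILL: user code cannot catch or delay it
                p.waitFor();
                return TIMED_OUT;
            }
            return p.exitValue();
        } finally {
            Files.deleteIfExists(policy);
        }
    }

    public static void main(String[] args) throws Exception {
        int rc = run(Path.of(args[0]), args[1], 10);
        System.out.println(rc == TIMED_OUT ? "killed after 10 s" : "exit code " + rc);
    }
}
```

-Xmx caps only the Java heap, so the limited account's OS-level resource limits still have to bound native memory, open files and process count. Each grant added to the policy should be the narrowest permission that makes one required operation work.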
