Java stack introspection

I was hoping someone could help me with the following:

My understanding of the introspection of the Java stack (perhaps a little simplified here) is that the process creates a stack frame, which is then added to the stack. Now, when the process needs to make a system call, the stack introspection algorithm checks if the main one (that is, the process that is trying to access the resource) is allowed to use the specific resource, and then annotates the frame accordingly (granting or denying access).

My questions:

  • Is this right or am I missing something?
  • How does the JVM decide to grant or restrict access? Does the user participate in this solution?
  • This study provides an example (Figure 2) in which a frame inherits /, the "set of faith" of the previous frame is reported! What prevents the execution of malicious code in this example (i.e., gain access to a resource that you should not have access to)?
1 answer

How does the JVM decide to grant or restrict access? Does the user participate in this solution?

It delegates to the currently installed SecurityManager.

Is this correct, or am I missing something?

A SecurityManager can peek at the stack or use other criteria. The SecurityManager associated with applets that run in the browser introspects in such a way that it is correct in at least one domain.

This study shows an example (Figure 2) in which a frame inherits /, the "set of faith" of the previous frame is reported! What prevents the execution of malicious code in this example (i.e., gain access to a resource that you should not have access to)?

Nothing. Java security is a mess, and many recommend disabling Java in browsers, as they have been recently used by several legitimate sites.

"Sun Java is by far the most vulnerable plugin" since 2010.

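As an added illustration (not part of the original question or answer), here is a simplified model of the stack walk that a stack-inspecting check such as `AccessController.checkPermission` performs: it runs at the moment of the check, from the newest frame toward the oldest, rather than annotating frames in advance. The class, the frame owners and the permission string are hypothetical, and the model leaves out details of the real JVM such as inherited thread contexts.

```java
import java.util.ArrayDeque;
import java.util.Arrays;
import java.util.Deque;
import java.util.HashSet;
import java.util.Set;

// Simplified model of a stack-inspection permission check (hypothetical names throughout).
public class StackInspectionModel {
    // One stack frame: who owns the code, what its protection domain grants,
    // and whether the frame was entered through a doPrivileged-style call.
    static final class Frame {
        final String owner;
        final Set<String> granted;
        final boolean privileged;
        Frame(String owner, boolean privileged, String... granted) {
            this.owner = owner;
            this.privileged = privileged;
            this.granted = new HashSet<>(Arrays.asList(granted));
        }
    }

    // Walk from the newest frame to the oldest. Every frame visited must hold the
    // permission; a privileged frame that holds it ends the walk early.
    static boolean check(Deque<Frame> stack, String permission) {
        for (Frame f : stack) {                    // push() adds at the head, so newest first
            if (!f.granted.contains(permission)) return false;
            if (f.privileged) return true;         // older callers are not consulted
        }
        return true;                               // whole stack held the permission
    }

    static Deque<Frame> stackOf(Frame... oldestFirst) {
        Deque<Frame> s = new ArrayDeque<>();
        for (Frame f : oldestFirst) s.push(f);
        return s;
    }

    public static void main(String[] args) {
        String p = "read:/home/user/notes.txt";    // constructed permission name
        Frame applet = new Frame("applet", false);
        Frame io = new Frame("java.io", false, p);
        // Untrusted applet below a trusted library: the applet frame denies the check.
        System.out.println(check(stackOf(applet, new Frame("library", false, p), io), p));
        // Library asserts its own privilege: the walk stops before the applet frame.
        System.out.println(check(stackOf(applet, new Frame("library", true, p), io), p));
        // Applet tries to assert privilege itself: its own domain still lacks the permission.
        System.out.println(check(stackOf(new Frame("applet", true), io), p));
    }
}
```

The second case is the one to audit in trusted code: once a library asserts privilege, nothing in the walk looks at who called it, so the library itself has to validate what it does on the caller's behalf.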

Source: https://habr.com/ru/post/910425/

