
Is it possible to avoid JVM security by using JNI?

I have been thinking about the way JVM security works. The principle is that the JVM always trusts and runs any native code. So, conceptually, if your code does not call checkPermission(permission), whether explicitly or implicitly, it means it will never fail any security validation. Of course, all of these validation calls are usually done in Java API classes, so we don't need to call them ourselves for built-in permissions.

Now, as long as you use built-in classes like FileOutputStream, your code is always subject to a permission check. But after thinking for a while I wonder if it is possible to avoid security checks by using the Java Native Interface to run C++ code.

Imagine you import some jar that, instead of using FileOutputStream to write to a file, uses some hand-crafted JNI that binds to a file-writing C++ program (which obviously doesn't call any checkPermission()). Based on the question "How to bundle a native library and a JNI library inside a JAR?", I understood that it is possible to bundle everything in a nice malicious jar. So, any code using this jar is not safe anymore, since no security validation happens when executing code from the jar. This implies that this C++ program can effectively overwrite all of the files for which the process running the JVM has write permissions.

Is this a correct way of thinking, and is it something intended, or am I missing something?

You are right that the native code is out of JVM control. If the Java security manager allows loading a JNI library, treat it as if there is no security manager at all.

That's why, if using SecurityManager, it's important not to grant the loadLibrary.* permission.
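
The check the answer describes can be audited without loading anything. The following is an added example, not code from the question or the answer: it tests constructed grant sets (standing in for policy file entries) against the RuntimePermission that System.loadLibrary requires under a security manager. The class name, the grant sets and the library name "untrusted" are assumptions made for illustration.

```java
import java.io.FilePermission;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example: audits grant sets for the ability to load native code.
public class NativeLoadAudit {

    // System.loadLibrary(libName) is guarded by
    // RuntimePermission("loadLibrary.<libName>") when a SecurityManager is active.
    static boolean allowsNativeLoad(Permissions granted, String libName) {
        return granted.implies(new RuntimePermission("loadLibrary." + libName));
    }

    static Permissions grant(Permission... perms) {
        Permissions p = new Permissions();
        for (Permission perm : perms) {
            p.add(perm);
        }
        return p;
    }

    public static void main(String[] args) {
        // Constructed grant sets, each standing in for one policy file entry.
        Map<String, Permissions> grants = new LinkedHashMap<>();
        grants.put("file read only", grant(new FilePermission("/tmp/-", "read")));
        grants.put("loadLibrary.zip", grant(new RuntimePermission("loadLibrary.zip")));
        grants.put("loadLibrary.*", grant(new RuntimePermission("loadLibrary.*")));
        grants.put("RuntimePermission *", grant(new RuntimePermission("*")));
        grants.put("AllPermission", grant(new AllPermission()));

        // "untrusted" is a hypothetical library name bundled inside a third-party jar.
        for (Map.Entry<String, Permissions> e : grants.entrySet()) {
            boolean open = allowsNativeLoad(e.getValue(), "untrusted");
            System.out.printf("%-20s -> %s%n", e.getKey(),
                    open ? "native load allowed: Java-level checks can be bypassed"
                         : "native load denied");
        }
    }
}
```

The first two grant sets deny loading the hypothetical library; the wildcard forms and AllPermission all allow it, so a policy review needs to look for those as well as for a literal loadLibrary.* entry.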
