las2peer sandboxing

With the upcoming release, las2peer will be executed inside Java's built-in sandbox, i.e. a SecurityManager whose permissions come from a policy file.

First of all, the sandbox blocks file access to system files and to user data elsewhere on the machine. Most files inside the las2peer folder remain readable to the (service) code executed on the local node. The exact file permissions are configured in the etc/las2peer.policy file.

If your project does not have a policy file, las2peer automatically creates one by copying the policy file shipped inside the las2peer jar.

Furthermore, the sandbox can limit network access. This gives the node maintainer control over which ports las2peer may use. In particular, a malicious service cannot block other system services such as HTTP or IMAP by binding their ports, because opening a port without explicit permission is refused.
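As an added illustration of the two points above (file and network access), here is a policy excerpt of the kind etc/las2peer.policy holds. It is a constructed example, not the file shipped with las2peer; the data directory name node-storage and the port 9011 are assumptions.

```text
// Constructed example for illustration; NOT the default policy shipped in the
// las2peer jar. Paths are resolved relative to the node's working directory
// (${user.dir}); ${/} expands to the platform's file separator.
// Policy files can only grant permissions; anything not listed is denied.

grant {
    // File system: the node's own folder is readable, nothing outside it
    // (system files and other users' data are therefore out of reach) ...
    permission java.io.FilePermission "${user.dir}${/}-", "read";

    // ... and only an assumed data directory is writable.
    permission java.io.FilePermission "${user.dir}${/}node-storage${/}-", "read,write,delete";

    // Network: bind only the port this node is configured for (9011 assumed)
    // and connect out to other peers. Listening on 80 (HTTP) or 143 (IMAP)
    // is not granted here and is therefore refused at run time.
    permission java.net.SocketPermission "localhost:9011", "listen,accept,resolve";
    permission java.net.SocketPermission "*:1024-", "connect,resolve";

    // Reading system properties is needed by most library code; no "write".
    permission java.util.PropertyPermission "*", "read";
};
```

A policy like this only takes effect when the JVM is started with a security manager, e.g. `java -Djava.security.manager -Djava.security.policy=etc/las2peer.policy ...`; with `-Djava.security.policy==file` (two equals signs) the file replaces the JDK's default policy instead of being added to it. Note that a policy file can only grant, never deny: the run-time blocks on the policy file itself and on the security manager described in the following paragraph cannot be expressed here and have to be enforced by the security manager's own checks.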

Last but not least, the security manager performs some checks to protect itself. First, replacing or removing the security manager at run time is not permitted. Second, file access to the policy file at run time is blocked as well. Finally, changing the class path at run time, e.g. adding further directories, is not allowed.
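The following is an added example of how these three self-protection checks can be implemented on top of the standard SecurityManager; it is not las2peer's own implementation, and the class name, the assumption that the node's code never needs setAccessible(), and the policy location are illustrative.

```java
import java.io.FilePermission;
import java.lang.reflect.ReflectPermission;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Permission;
import java.util.PropertyPermission;

/*
 * Added illustration (not las2peer code): a SecurityManager that refuses
 * (1) being replaced, (2) any access to its policy file and (3) run-time
 * changes to the class path, and otherwise defers to the policy-file checks
 * of the standard SecurityManager.
 */
public class SelfProtectingSecurityManager extends SecurityManager {

    /* Absolute path of the policy file, resolved once before the manager is
     * installed, so the check itself never has to consult user.dir. */
    private final String policyPath;

    public SelfProtectingSecurityManager(Path policyFile) {
        this.policyPath = policyFile.toAbsolutePath().normalize().toString();
    }

    @Override
    public void checkPermission(Permission perm) {
        if (isForbidden(perm)) {
            throw new SecurityException("blocked by sandbox: " + perm);
        }
        super.checkPermission(perm); // ordinary checks against the policy file
    }

    @Override
    public void checkPermission(Permission perm, Object context) {
        if (isForbidden(perm)) {
            throw new SecurityException("blocked by sandbox: " + perm);
        }
        super.checkPermission(perm, context);
    }

    /* Hard denials that no grant in the policy file can override
     * (policy files can only grant, never deny). */
    boolean isForbidden(Permission perm) {
        if (perm instanceof RuntimePermission) {
            String name = perm.getName();
            // (1) System.setSecurityManager(...) asks for exactly this permission
            if (name.equals("setSecurityManager") || name.equals("createSecurityManager")) {
                return true;
            }
        }
        if (perm instanceof FilePermission) {
            // (2) Does the requested file permission cover the policy file for
            // the requested actions (read, write, delete, ...)? A request for
            // "<<ALL FILES>>" covers it too and is rejected by the same test.
            FilePermission probe = new FilePermission(policyPath, perm.getActions());
            if (perm.implies(probe)) {
                return true;
            }
        }
        // (3) Two usual ways of extending the class path at run time:
        // rewriting java.class.path, or setAccessible() on URLClassLoader.addURL
        // (which needs "suppressAccessChecks"). Assumption: the node's own code
        // needs neither.
        if (perm instanceof PropertyPermission
                && perm.getName().equals("java.class.path")
                && perm.getActions().contains("write")) {
            return true;
        }
        if (perm instanceof ReflectPermission && perm.getName().equals("suppressAccessChecks")) {
            return true;
        }
        return false;
    }

    /* Demonstration: install the manager, then try to remove it again. Start the
     * JVM with -Djava.security.policy=etc/las2peer.policy so that the inherited
     * checks have grants to work from; on Java 18+ also -Djava.security.manager=allow. */
    public static void main(String[] args) {
        SecurityManager sm = new SelfProtectingSecurityManager(Paths.get("etc", "las2peer.policy"));
        System.setSecurityManager(sm);
        try {
            System.setSecurityManager(null); // a malicious service would try this
            System.out.println("UNEXPECTED: sandbox could be removed");
        } catch (SecurityException e) {
            System.out.println("removal blocked: " + e.getMessage());
        }
    }
}
```

The denials live in the manager rather than in the policy because a `grant` block can widen but never narrow what the policy allows, so a too-generous policy (for example read access to the whole las2peer folder) would otherwise expose the policy file itself. Keep in mind that the SecurityManager is deprecated for removal since Java 17, must be explicitly allowed with `-Djava.security.manager=allow` from Java 18 on, and is no longer available at all in Java 24.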

For continuous integration, all of these functions are covered by a JUnit test and verified on every test run.

UPDATE:
We decided to disable the sandbox by default. Nevertheless, we strongly recommend using the sandbox for permanent deployments. Please adapt the policy file to your system and make use of the JUnit sandbox test in src/test/java/i5/las2peer/security/SandboxTest.java. If you experience issues with the sandbox, search the log and console output for blocked permissions (Java reports them as java.security.AccessControlException messages naming the denied permission).

About the author: Thomas Cujé