GLASSFISH-11416

When deploying jruby apps using the jruby deployer, no granted.policy is generated to set app-specific permissions

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: V3
    • Fix Version/s: future release
    • Component/s: jruby
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

      Description

      1) I want to run multiple jruby applications on 1 domain.
      2) I want to use glassfish v3's directory/jruby container based deployment
      instead of creating a .war file.
      3) I don't want the applications to be able to read/write each other's
      source code in case 1 application gets hacked.
      4) I also want to be able to deploy new applications (with their own policy)
      without having to restart the domain (which will take down all apps for a few
      seconds).

      Since server.policy changes require the domain to restart (breaking 4), I would
      like to use domains/domain1/generated/policy/myapp/granted.policy.
      It appears this file is not generated/available for applications deployed using
      the jruby container.

      This forces me to either deploy the old way, or leave my apps insecure, or have
      domain-restarts affecting other apps.

      I think it would be nice if the jruby container based deployment would behave
      like other containers regarding security (policy generation).

      Now I don't know if this defect should be fixed by the security team or by the
      jruby container developers, so I just picked 1.

      Thanks for any feedback/fixes/workarounds in the meantime.
      Mathijs

        Activity

        bluescreen303 added a comment -

        To clarify myself a bit:

        I'm only talking about filesystem permissions.
        Since ruby apps are scripts, they are just plain text files.
        Default glassfish install (even with security manager on) is to allow all
        read/writes to all files/dirs. This will allow 1 hacked/bad app to change other
        apps code/config, which makes it easy to disable security checks in them so they
        can get hacked too.
        Since glassfish (+ all apps) run under the same (os) user, I can't protect
        against this by just changing file access permissions on the OS level.
        Also, since (looking from java) the codeBase is jruby-home (and not the
        directory containing the ruby source files), it's impossible to set different
        policies for different apps using server.policy.
        This means I need to use per-app policy files or leave all apps open to the
        attack mentioned above.

        This means that for now I still need to use .war based deployment, where per
        app granted.policy is available, but complicating lots of things (migrations,
        user uploads) that the ruby container was good for.

        kumarjayanti added a comment -

        There needs to be a discussion between the security team and the jruby container team to see how to solve this.

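An added example, not part of the original issue or of GlassFish: a shell check that reports, for each application name, whether the per-app policy file at the path named in the description exists and whether it still grants file access to everything. The sample tree, app names and policy contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not GlassFish tooling). Paths and app names are constructed.
# Assumed layout, from the issue: <domain>/generated/policy/<app>/granted.policy

# audit_app DOMAIN_DIR APP -> prints MISSING, BROAD or SCOPED
audit_app() {
    policy="$1/generated/policy/$2/granted.policy"
    if [ ! -f "$policy" ]; then
        echo MISSING   # no per-app policy was generated for this app
    elif grep -v '^[[:space:]]*//' "$policy" |
         grep -q 'java\.io\.FilePermission[[:space:]]*"<<ALL FILES>>"'; then
        echo BROAD     # policy exists but still grants access to every file
    else
        echo SCOPED    # no <<ALL FILES>> grant found in this policy
    fi
}

# audit_domain DOMAIN_DIR APP... -> one "app status" line per app
audit_domain() {
    domain="$1"; shift
    for app in "$@"; do
        echo "$app $(audit_app "$domain" "$app")"
    done
}

# Build a constructed sample domain tree and print its path.
make_sample_domain() {
    d=$(mktemp -d)
    mkdir -p "$d/generated/policy/warapp" "$d/generated/policy/openapp"
    cat > "$d/generated/policy/warapp/granted.policy" <<'EOF'
grant codeBase "file:/srv/apps/warapp/-" {
    permission java.io.FilePermission "/srv/apps/warapp/-", "read,write";
};
EOF
    cat > "$d/generated/policy/openapp/granted.policy" <<'EOF'
// constructed: a policy that does not isolate the app
grant {
    permission java.io.FilePermission "<<ALL FILES>>", "read,write";
};
EOF
    echo "$d"
}

sample=$(make_sample_domain)
audit_domain "$sample" warapp openapp rubyapp
rm -rf "$sample"
```

An app reported as MISSING corresponds to the situation described in this issue, where no granted.policy is available for it.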

          People

          • Assignee:
            kumarjayanti
            Reporter:
            bluescreen303
          • Votes:
            0
            Watchers:
            0

            Dates

            • Created:
              Updated: