With this commit I'm trying to get JRuby more explicit about the security checks it requires to run. There are three parts to this commit:
Please let me know what you think. Assuming this gets merged in, I'd like to tackle test_load.rb next to provide some motivation to get rid of CompoundJar loader. ;)
Add security manager checks to openssl test
This is a very interesting commit. I will try to review it this week and see about getting it in.
We have long wanted to do a better job of integrating the JVM security model with Ruby, including things like gracefully disabling features for which we do not have permissions, presenting a security API similar to the JVM's for Ruby use (disable eval, limit IO, restrict FFI binding of libraries, etc).
While I'm reviewing, maybe you could take another look over this. I think we will just merge this to master, since the functionality change is not immediately visible to a typical 1.7.x user, and this will fit into the plan of building a better security model for Ruby in JRuby.
Is there some design doc about the Ruby security API or at least collection of ideas?
I feel that this commit is useful anyway, since it allows reproducing restricted flows in the tests, which can be handy to get a good grasp on required permissions even for JRuby flows. For example, it is a bit weird to me that to load OpenSSL one needs to write user.timezone, but I guess the cleanup can be deferred.
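The comment above is about making a test state explicitly which security manager permissions a code path needs (the example given is write access to `user.timezone` when loading OpenSSL). The following is an added illustration of that idea, written by the editor for this thread and not code from JRuby, jruby-openssl or this PR. `PermissionRecorder`, `record`, `describe` and `unexpected` are hypothetical names. It installs a `SecurityManager` that records, rather than denies, every permission checked while a block runs, so a test can compare the recorded set against the list it declares. It assumes a JDK where `System.setSecurityManager` still works (on JDK 17 and later the JVM must be started with `-Djava.security.manager=allow`).

```java
import java.security.Permission;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.atomic.AtomicBoolean;

/**
 * Records every permission the JVM checks while a block of code runs, so a test
 * can declare explicitly which permissions that code path requires.
 * Hypothetical helper written for this thread; not part of JRuby or jruby-openssl.
 */
public final class PermissionRecorder {

    private PermissionRecorder() {}

    /** One line per distinct permission, e.g. "java.util.PropertyPermission user.timezone write". */
    static String describe(Permission perm) {
        return perm.getClass().getName() + " " + perm.getName() + " " + perm.getActions();
    }

    /** Runs body under a recording SecurityManager and returns the distinct permissions it checked. */
    public static Set<String> record(Runnable body) {
        final Set<String> seen = Collections.synchronizedSet(new LinkedHashSet<String>());
        final AtomicBoolean recording = new AtomicBoolean(true);
        final SecurityManager previous = System.getSecurityManager();
        SecurityManager recorder = new SecurityManager() {
            @Override
            public void checkPermission(Permission perm) {
                // Record and allow: nothing is denied, so the full set a policy
                // would have to grant for this block becomes visible.
                if (recording.get()) {
                    seen.add(describe(perm));
                }
            }
            @Override
            public void checkPermission(Permission perm, Object context) {
                checkPermission(perm);
            }
        };
        // Requires -Djava.security.manager=allow on JDK 17 and later.
        System.setSecurityManager(recorder);
        try {
            body.run();
        } finally {
            // Stop recording first so the RuntimePermission "setSecurityManager"
            // needed to restore the previous manager is not attributed to the body.
            recording.set(false);
            System.setSecurityManager(previous);
        }
        return new TreeSet<String>(seen);
    }

    /** Permissions that were checked but not declared; an empty result means the declared list is complete. */
    public static Set<String> unexpected(Set<String> checked, Set<String> declared) {
        Set<String> extra = new TreeSet<String>(checked);
        extra.removeAll(declared);
        return extra;
    }

    public static void main(String[] args) {
        // Constructed sample body: writing user.timezone is the permission the PR discussion mentions.
        Set<String> checked = record(new Runnable() {
            public void run() {
                System.setProperty("user.timezone", "UTC");
            }
        });

        // What the test declares it needs.
        Set<String> declared = new TreeSet<String>();
        String timezoneWrite = "java.util.PropertyPermission user.timezone write";
        declared.add(timezoneWrite);

        for (String p : checked) {
            System.out.println("checked: " + p);
        }
        if (!checked.contains(timezoneWrite)) {
            throw new IllegalStateException("expected the body to require " + timezoneWrite);
        }
        Set<String> extra = unexpected(checked, declared);
        if (!extra.isEmpty()) {
            // In a real test this is where the declared list would have to be extended.
            System.out.println("not declared by the test: " + extra);
        }
    }
}
```

Recording instead of denying is a deliberate choice for this kind of test: a denying manager stops at the first missing permission, while the recorder shows the whole set in one run, which is what you want when deciding which grants a policy for JRuby or jruby-openssl actually has to contain.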
@kares @ratnikov Is this still valid? We've since moved these files and updated to newer versions from MRI.
As long as the openssl still requires security manager checks, I think this commit is still valid. I believe my intention was to make sure that JRuby tests are conscious about what security manager checks are introduced.
some ~ explicit security manager checks for jruby/openssl
... transplanted from jruby/jruby#853
Finally - moved, with some tunings, into jruby-openssl, thanks Dmitry