Have test_openssl.rb be explicit about security checks it adds #853

Closed

Contributor
ratnikov commented Jul 3, 2013

Hey all,

With this commit I'm trying to get JRuby more explicit about the security checks it requires to run. There are three parts to this commit:

  1. General framework of being able to set allowed security checks for tests.
  2. General security checks that are assumed to be required to get JRuby running (in test/security_helper.rb)
  3. Specific security checks required for test_openssl.rb to work.

Please let me know what you think. Assuming this gets merged in, I'd like to tackle test_load.rb next to provide some motivation to get rid of CompoundJar loader. ;)

Owner
headius commented Nov 17, 2013

This is a very interesting commit. I will try to review it this week and see about getting it in.

We have long wanted to do a better job of integrating the JVM security model with Ruby, including things like gracefully disabling features for which we do not have permissions, presenting a security API similar to the JVM's for Ruby use (disable eval, limit IO, restrict FFI binding of libraries, etc).

Owner
headius commented Nov 17, 2013

While I'm reviewing, maybe you could take another look over this. I think we will just merge this to master, since the functionality change is not immediately visible to a typical 1.7.x user, and this will fit into the plan of building a better security model for Ruby in JRuby.

Contributor

Is there some design doc about the Ruby security API or at least a collection of ideas?

I feel that this commit is useful anyway, since it allows reproducing restricted flows in the tests, which can be handy to get a good grasp on required permissions even for JRuby flows. For example, it is a bit weird to me that to load OpenSSL one needs to write user.timezone, but I guess the cleanup can be deferred.

Owner
headius commented Nov 2, 2016

@kares @ratnikov Is this still valid? We've since moved these files and updated to newer versions from MRI.

Contributor
ratnikov commented Nov 2, 2016

As long as openssl still requires security manager checks, I think this commit is still valid. I believe my intention was to make sure that JRuby tests are conscious about what security manager checks are introduced.

kares added this to the Non-Release milestone Nov 3, 2016

kares added a commit to jruby/jruby-openssl that referenced this pull request Nov 3, 2016

ratnikov + kares: some ~ explicit security manager checks for jruby/openssl
... transplanted from jruby/jruby#853
7d13c15

Owner
kares commented Nov 3, 2016

Finally - moved, with some tunings, into jruby-openssl, thanks Dmitry

kares closed this Nov 3, 2016