I recently wrote a POC to block Runtime.exec, I'd like it if I could get some feed back/bug reports on it, if it doesn't block/work for your JVM/OS (windows only checking for now, but it still should work on *nix), please report it to me ASAP so I can fix it.

https://github.com/Konloch/JVM-Sandbox

To run it simply download the zip file, execute either the .bat or .sh file, load the jar you want to test or use the testing jar included in the zip, set the correct main class (you can use BCV to get the main class name, or just open the jar as a zip and nativate to META-INF/MANIFEST.MF).

Then click the 'invoke' button and it'll be done, if all works it should be blocking Runtime.exec for that program.

Again, this was just a quick POC I threw together, the final version will be in BCV 2.7.0.

What about JNI? And Process instances? There are actually a lot of unsafe operations that can be performed without Runtime.exec. I'd recommend coupling this with a SecurityManager.

What about JNI? And Process instances? There are actually a lot of unsafe operations that can be performed without Runtime.exec. I'd recommend coupling this with a SecurityManager.

This is just a POC, I'm planning on expanding the protection further with BCV 2.7.0.