Safely Run Java Programs - JVM Sandbox
#1
I recently wrote a POC to block Runtime.exec. I'd like it if I could get some feedback/bug reports on it; if it doesn't block/work for your JVM/OS (Windows only checking for now, but it still should work on *nix), please report it to me ASAP so I can fix it.

https://github.com/Konloch/JVM-Sandbox

To run it, simply download the zip file, execute either the .bat or .sh file, load the jar you want to test or use the testing jar included in the zip, and set the correct main class (you can use BCV to get the main class name, or just open the jar as a zip and navigate to META-INF/MANIFEST.MF).

Then click the 'invoke' button and it'll be done; if all works, it should be blocking Runtime.exec for that program.

Again, this was just a quick POC I threw together; the final version will be in BCV 2.7.0.
Reply
#2
What about JNI? And Process instances? There are actually a lot of unsafe operations that can be performed without Runtime.exec. I'd recommend coupling this with a SecurityManager.
Reply
#3
(01-17-2015, 02:53 PM)DarkStorm Wrote:  What about JNI? And Process instances? There are actually a lot of unsafe operations that can be performed without Runtime.exec. I'd recommend coupling this with a SecurityManager.

This is just a POC, I'm planning on expanding the protection further with BCV 2.7.0.
Reply
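The SecurityManager coupling suggested in post #2, as an added example that is not part of the thread and is not code from JVM-Sandbox or BCV. The class names `DenyExecDemo` and `DenyExecManager` and the command and library strings are constructed for illustration; it assumes a Java 8 runtime of the thread's era.

```java
import java.security.Permission;

// Added illustration; hypothetical class names, not JVM-Sandbox/BCV code.
// Targets Java 8: SecurityManager is deprecated for removal since Java 17.
public class DenyExecDemo {

    static class DenyExecManager extends SecurityManager {
        // Runtime.exec and ProcessBuilder.start both reach this check.
        @Override public void checkExec(String cmd) {
            throw new SecurityException("process creation blocked: " + cmd);
        }
        // System.load / System.loadLibrary (how JNI code gets in) reach this check.
        @Override public void checkLink(String lib) {
            throw new SecurityException("native library load blocked: " + lib);
        }
        // Demo policy only: permit everything else, except replacing this manager.
        @Override public void checkPermission(Permission perm) {
            if (perm instanceof RuntimePermission
                    && "setSecurityManager".equals(perm.getName())) {
                throw new SecurityException("security manager is locked");
            }
        }
        @Override public void checkPermission(Permission perm, Object context) {
            checkPermission(perm);
        }
    }

    interface Action { void run() throws Exception; }

    // True only when the action was stopped by the security manager.
    static boolean blocked(Action a) {
        try { a.run(); return false; }
        catch (SecurityException e) { System.out.println("  " + e.getMessage()); return true; }
        catch (Exception | LinkageError e) { return false; }
    }

    public static void main(String[] args) {
        System.setSecurityManager(new DenyExecManager());
        String[] cmd = { "example-command" };            // constructed sample value
        System.out.println("Runtime.exec:       " + blocked(() -> Runtime.getRuntime().exec(cmd)));
        System.out.println("ProcessBuilder:     " + blocked(() -> new ProcessBuilder(cmd).start()));
        System.out.println("System.loadLibrary: " + blocked(() -> System.loadLibrary("example")));
        System.out.println("replace manager:    " + blocked(() -> System.setSecurityManager(null)));
    }
}
```

Each of the four probes should report `true`, since the check fires before any process is started or library is resolved.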

About The Bytecode Club

We're a community forum focused on Reverse Engineering. We try to target Java/Android, but we also include other languages/platforms. We pride ourselves in supporting free and open sourced applications.
