Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8024206

Plugin: Require Permissions Attribute for High Security Setting

    XMLWordPrintable

    Details

    • Subcomponent:
    • Resolved In Build:
      b02
    • Verification:
      Verified

      Backports

        Description

        Requirement:
        Tighten the restrictions on the java plugin so that the use of the permissions attribute becomes mandatory rather than optional for systems running on the "high" (default) security level. The codebase attribute must remain optional.

        Background:

        As part of the tightening of security for running Java code through a web browser with 7u25 we introduced new attributes to an applications manifest to allow the developer to specify whether the application was meant to be deployed as requiring elevated permissions or as a sandbox application.

        The permissions attribute was optional. For this release we want to restrict the "high" (default) security level so that this attribute is required. The "codebase" attribute remains optional.

        A360: http://oracleplan.oracle.com/goto?ra_=entity&entityType=FEATURE&entityId=1117106

        Request from SQE for all feature descriptions for Jan CPU to include the following analysis:

        Sandeep Konchady added a comment - 2013-09-05 13:30 - Restricted to Confidential
        I would like for all features going into Jan CPU to have the following analysis and signed off by QE

        Summary
        -------

        Make permissions mandatory at the default security level helps to reduce repurposing of Jars.


        Success Metrics
        ---------------

        Verify that applications without the permissions attribute are blocked at High and Very High

        Motivation
        ----------

        Increase security (see Summary)

        Description
        -----------

        Set Default value SEC_PERMISSIONS_MANIFEST_REQUIRED_KEY to true (since default level is High and it's true at High).
        set the property explicitly to the new default
        set it true for high as well as very high level

        Alternatives
        ------------

        NA

        Testing
        -------

        Unit test is part of fix
        SQE tests will require updating to make sure application without Permission block at High and Very High Security level, but pass at Medium.

        Risks and Assumptions
        ---------------------

        Low Risk, mechanism for blocking based on security level is already in place, main change is simple table change

        Dependencies
        ------------

        none

        Impact
        ------

          - Compatibility: Different behaviour at default security level. Applications will break at default security level until developers update with Permissions attribute.
          - Security: More secure
          - User experience: Applications that haven't been updated will fail at default. May encourage uses to lower security level to Medium, countering other security measures.
          - TCK: Unknown. Should be run
          - Doc impact: need to let developers know that default requirements changing.

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                mhowe Mark Howe (Inactive)
                Reporter:
                mwthomps Marty Thompson
                Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                  Dates

                  Due:
                  Created:
                  Updated:
                  Resolved: