[langsec-discuss] Langsec and Java Object Serialization

Will Sargent will.sargent at gmail.com
Wed Jan 6 05:42:23 UTC 2016

On Mon, Nov 9, 2015 at 7:37 PM, Andrew Ruef <munin at mimisbrunnr.net> wrote:

> I liked your writeup!
> This seems to be a case of one party telling another party “hey take this
> program from me and run it in the same security domain that you do,
> thanks.” It’s “the same security domain” that’s the problem (along with the
> lack of realization that this is what ObjectInputStream does). It’s also a
> problem when the mechanism for enforcing the security domain, like the JVM
> or a JavaScript interpreter, is busted. If the security boundary is good
> though, then this isn’t a problem. When is the security boundary good
> though? Maybe seL4 is good enough, maybe Quark.

I poked more at this whole "security domain" thing:

* https://tersesystems.com/2015/12/29/sandbox-experiment/

Although as far as I can tell, you should be running the JVM inside of
Docker, inside of a VM, inside of AppArmor and seccomp (whatever that is),
with a patched grsecurity kernel.  And CoreOS is involved somehow.

The temptation to call it the Turducken Security Model is strong.
