[langsec-discuss] Langsec and Java Object Serialization
will.sargent at gmail.com
Wed Jan 6 05:42:23 UTC 2016
On Mon, Nov 9, 2015 at 7:37 PM, Andrew Ruef <munin at mimisbrunnr.net> wrote:
> I liked your writeup!
> this seems to be a case of one party telling another party “hey take this
> program from me and run it in the same security domain that you do,
> thanks.” it’s “the same security domain” that’s the problem (along with the
> lack of realization that this is what ObjectInputStream does). it’s also a
> problem when the mechanism for enforcing the security domain, like the JVM
> though, then this isn’t a problem. when is the security boundary good
> though? maybe seL4 is good enough, maybe quark.
I poked more at this whole "security domain" thing:
Although as far as I can tell, you should be running the JVM inside of
Docker, inside of a VM, inside of AppArmor and seccomp (whatever that is),
with a patched grsecurity kernel. And CoreOS is involved somehow.
The temptation to call it the Turducken Security Model is strong.