I have a system written on Java. It's exchanging with another system using protocol upon rs485 that has a GPS receiver. So i can query time from java program and another system returns current time from GPS receiver. Using special timestamps i can compute transmission delay like in SNTP and set system time.
The question is: what is the simplest way to set the system time on windows machine from Java program?
I've two ideas:
1) writing shell script, that is called from java code and sets current system time using DATE and TIME commands. Things i don't like: two command usage and setting system time is an admin procedure that turns on UAC user confirmation;
2) implementing a Time Provider dll (using API in Microsoft doc reference). Java program will exchange with code in dll using simple protocol using IPC or some IP based transport. So setting system time is the w32tm service responsibility. But this idea seems too complex.
P.S. in future this question may arise for java system deployed on Linux computers.
Any ideas?
Related
I'm running a J2SE application that is somewhat trusted (Minecraft) but will likely contain completely un-trusted (and likely even some hostile) plugins.
I'd like to create a plugin that can access the GPIO pins on the Raspberry PI.
Every solution I've seen requires that such an app be given sudo-superpowers because gpio is accessed through direct memory access.
It looks like the correct solution is to supply a command-line option like this:
-Djava.security.policy=java.policy
which seems to default you to no permissions (even access to files and high ports), then add the ones your app needs back in with the policy file.
In effect you seem to be giving Java "sudo" powers and then trusting java's security model to only give appropriate powers out to various classes. I'm guessing this makes the app safe to run with sudo--is this correct?
Funny that I've been using Java pretty much daily since 1.0 and never needed this before... You learn something new every day.
[Disclaimer: I'm not very convinced by the Java security model.]
The way I would solve this is to have the code that needs to access the hardware run as a separate privileged process, then have your Java application run as an unprivileged process and connect to the privileged process to have it perform certain actions on its behalf.
In the privileged process, you should check with maximum distrust each request whether it is safe to execute. If you are afraid that other unprivileged processes might connect to the daemon too and make it execute commands it shouldn't, you could make its socket owned by a special group and setgid() the Java application to that group by a tiny wrapper written in C before it is started.
Unix domain sockets are probably the best choice but if you want to chroot() the Java application, a TCP/IP socket might be needed.
I am writing a server application with Java servlets and at some point, a Python script that was uploaded by a user has to be executed. Is it possible to create a process with restrictions like only beeing able to access a certain directory (probably using ProcessBuilder)?
I already had a look at pysandbox, but I am not sure if this alone is a safe enough measure when executing an unknown Python script.
All the script has to do is process a given String using certain libraries and return a String using the print function.
Is my approach correct or is there a better way to execute an unknown script?
As a forward to my answer, whitelisting and blacklisting only go so far and are proven easily broken by the most determined of hackers. Don't bother with these styles of security.
About as safe as you are going to get is to use pypy-sandbox it creates an OS level sandbox and tries to isolate processes that could lead to nasty execution.
For real security you probably want something more like this following model.
Using SELinux as the host fire up a virtual machine running SELinux
Disable all ports except for SSH and ensure patches are up to date
Upload the code to a non executable directory.
Chroot and ulimit all the things
Execute the code through pypy-sandbox
Destroy the machine when execution is complete
Or maybe I am just paranoid.
Is there a platform independent possibility for Java programs to receive APM or ACPI events when the system goes into standby mode or hibernation - and again when it returns from these modes?
(So that one has the possibility to e.g. delete a half written file on a network drive, before the system goes down?)
This seems like it requires direct interaction with the operating system. Unless this capability is added to the java api, you can't do it in a platform-independent way. You could write native methods for this purpose, but you must rewrite them for different platforms.
My program is a distributed software for a small laboratory. It is written in java but because during daytime the computers are used, I have to manually restart it in the evening. I would solve the problem by starting it from a service every time the computer is started but I need a mechanism to detect:
1) user input(mouse, keyboard etc.)
2) user logon
Detecting any user input from java it is not possible. Is there any framework for something like this?
Detecting user input from Java is possible, but not with standard tecnologies. Considering the excellent example of aTunes, you can do it using, depending upon your platform
JIntelliType on Windows
JXGrabKey on Linux
Considering your other question, I would use native abilities of client OSes to better handle your problem. First thing is to make your Java process lower priority. This way, it will run all time long, without having the user blocked by it. I would also force this program to stop when CPU load is over a given target. This can be achieved using JMX, as this previous question explains.
I want to make a java program that must run for a specific number of times only. e.g 2,5,10 etc. after that it must throw an Exception.
It is not allowed to use any FILE or Database for this. Someone gave me a hint of REGISTRY! But i don't know how to use it for this.
Please help me is this regard...
You can use java preferences (registry on windows) :
http://download.oracle.com/javase/6/docs/api/java/util/prefs/Preferences.html
You can find some sample usage here:
http://www.particle.kth.se/~lindsey/JavaCourse/Book/Part1/Java/Chapter10/Preferences.html
Whether this problem is solvable depends on what is meant by "any FILE or Database".
Depending on your point of view, the Windows Registry is a kind of file / database. Certainly, the only reason that values stay in the registry over a reboot is because registry changes are written to disc.
You can move state (such as a count of the number of times an application has been run) to some other service on the local machine. But once again, unless the service saves that state to disc (or some other stable storage medium) it will be lost is the local machine reboots.
You can move state to a service on a remote machine, but once again it may be lost if not saved to disc, etc. Moreover, you may not be able contact that remote service at the time you need the state; e.g. when starting the application.
You can copy the state to lots of remote services without discs, but a network failure (or the user unplugging from the network) will stop you accessing the state.
So to summarize, if you cannot write to disc (or nvram, tape, etc) locally, you cannot guarantee that the counter won't get reset, and that it will be available when needed. Therefore you cannot guarantee that the application won't be run more times than is allowed.
I imagine that you are trying to come up with some limited use scheme that users cannot subvert; e.g. by deleting stuff from the file / database / whatever that counter. Unfortunately, unless you physically control BOTH the hardware AND the operating system on which the application runs, you cannot prevent someone from subverting any counter stored on the machine itself. Anyone with "root" or full administrator rights, or with physical access, can ultimately change any data on the machine itself.
The best you can do is establish a secure connection to a remote server and use that to hold the usage counter. But even that is futile, because a motivated person can reverse engineer the critical part of your application and disable the code that checks the counter.
If the app. has a GUI, it can be launched using Java Web Start and use the PersistenceService. Here is a small demo. of the PersistenceService. The code is available for download.
Edit:
And the PersistenceService should work on any machine that has a JRE, as opposed to just Windows.
Even though this sounds like an attempt at copy protection, you may want to consider self-modifying code. There is an interesting discussion on this subject in Java here: Self modifying code in Java