As part of our requirements, we need to upload some files to database. Is there any way we can do virus scan on those files before saving them to database.
I personally use Free AVG as my anti-virus program on my Windows machine. It comes with a command-line scanning utility which allows you to scan files manually. This could easily be executed from Java code.
I am sure some of the other anti-virus applications also come with command-line versions of their scanners. Any of these would be easily executed from Java code.
If you are on a UNIX machine, you may want to question this requirement of virus scanning since UNIX viruses are very rare and the effective ones are not easily detectable by anti-virus software. The value of such a feature may be non-existent.
Your server is probably not at risk from viruses; however, you probably want to check the files anyway - it is entirely possible for a Windows-using client to upload an infected file, and another Windows-using client to download it and infect themselves. By checking for malware at the server, you could stop it from spreading - so the net result is positive, even if the malware doesn't attack your server directly.
If your server runs something UN*X-ish (Linux, BSD, ...), you may want to look at ClamAV, and its Java bindings, clamavj: these provide various scan capabilities (e.g. on-demand or automatic in a given location), even for different-platform malware (e.g. you can check for Windows viruses, even though your server runs Linux).
Related
I'm running a J2SE application that is somewhat trusted (Minecraft) but will likely contain completely un-trusted (and likely even some hostile) plugins.
I'd like to create a plugin that can access the GPIO pins on the Raspberry PI.
Every solution I've seen requires that such an app be given sudo-superpowers because gpio is accessed through direct memory access.
It looks like the correct solution is to supply a command-line option like this:
-Djava.security.policy=java.policy
which seems to default you to no permissions (even access to files and high ports), then add the ones your app needs back in with the policy file.
In effect you seem to be giving Java "sudo" powers and then trusting java's security model to only give appropriate powers out to various classes. I'm guessing this makes the app safe to run with sudo--is this correct?
Funny that I've been using Java pretty much daily since 1.0 and never needed this before... You learn something new every day.
[Disclaimer: I'm not very convinced by the Java security model.]
The way I would solve this is to have the code that needs to access the hardware run as a separate privileged process, then have your Java application run as an unprivileged process and connect to the privileged process to have it perform certain actions on its behalf.
In the privileged process, you should check with maximum distrust each request whether it is safe to execute. If you are afraid that other unprivileged processes might connect to the daemon too and make it execute commands it shouldn't, you could make its socket owned by a special group and setgid() the Java application to that group by a tiny wrapper written in C before it is started.
Unix domain sockets are probably the best choice but if you want to chroot() the Java application, a TCP/IP socket might be needed.
I am writing a server application with Java servlets and at some point, a Python script that was uploaded by a user has to be executed. Is it possible to create a process with restrictions like only beeing able to access a certain directory (probably using ProcessBuilder)?
I already had a look at pysandbox, but I am not sure if this alone is a safe enough measure when executing an unknown Python script.
All the script has to do is process a given String using certain libraries and return a String using the print function.
Is my approach correct or is there a better way to execute an unknown script?
As a forward to my answer, whitelisting and blacklisting only go so far and are proven easily broken by the most determined of hackers. Don't bother with these styles of security.
About as safe as you are going to get is to use pypy-sandbox it creates an OS level sandbox and tries to isolate processes that could lead to nasty execution.
For real security you probably want something more like this following model.
Using SELinux as the host fire up a virtual machine running SELinux
Disable all ports except for SSH and ensure patches are up to date
Upload the code to a non executable directory.
Chroot and ulimit all the things
Execute the code through pypy-sandbox
Destroy the machine when execution is complete
Or maybe I am just paranoid.
Is there a platform independent possibility for Java programs to receive APM or ACPI events when the system goes into standby mode or hibernation - and again when it returns from these modes?
(So that one has the possibility to e.g. delete a half written file on a network drive, before the system goes down?)
This seems like it requires direct interaction with the operating system. Unless this capability is added to the java api, you can't do it in a platform-independent way. You could write native methods for this purpose, but you must rewrite them for different platforms.
I want to make a java program that must run for a specific number of times only. e.g 2,5,10 etc. after that it must throw an Exception.
It is not allowed to use any FILE or Database for this. Someone gave me a hint of REGISTRY! But i don't know how to use it for this.
Please help me is this regard...
You can use java preferences (registry on windows) :
http://download.oracle.com/javase/6/docs/api/java/util/prefs/Preferences.html
You can find some sample usage here:
http://www.particle.kth.se/~lindsey/JavaCourse/Book/Part1/Java/Chapter10/Preferences.html
Whether this problem is solvable depends on what is meant by "any FILE or Database".
Depending on your point of view, the Windows Registry is a kind of file / database. Certainly, the only reason that values stay in the registry over a reboot is because registry changes are written to disc.
You can move state (such as a count of the number of times an application has been run) to some other service on the local machine. But once again, unless the service saves that state to disc (or some other stable storage medium) it will be lost is the local machine reboots.
You can move state to a service on a remote machine, but once again it may be lost if not saved to disc, etc. Moreover, you may not be able contact that remote service at the time you need the state; e.g. when starting the application.
You can copy the state to lots of remote services without discs, but a network failure (or the user unplugging from the network) will stop you accessing the state.
So to summarize, if you cannot write to disc (or nvram, tape, etc) locally, you cannot guarantee that the counter won't get reset, and that it will be available when needed. Therefore you cannot guarantee that the application won't be run more times than is allowed.
I imagine that you are trying to come up with some limited use scheme that users cannot subvert; e.g. by deleting stuff from the file / database / whatever that counter. Unfortunately, unless you physically control BOTH the hardware AND the operating system on which the application runs, you cannot prevent someone from subverting any counter stored on the machine itself. Anyone with "root" or full administrator rights, or with physical access, can ultimately change any data on the machine itself.
The best you can do is establish a secure connection to a remote server and use that to hold the usage counter. But even that is futile, because a motivated person can reverse engineer the critical part of your application and disable the code that checks the counter.
If the app. has a GUI, it can be launched using Java Web Start and use the PersistenceService. Here is a small demo. of the PersistenceService. The code is available for download.
Edit:
And the PersistenceService should work on any machine that has a JRE, as opposed to just Windows.
Even though this sounds like an attempt at copy protection, you may want to consider self-modifying code. There is an interesting discussion on this subject in Java here: Self modifying code in Java
I have a Java project that uses the Bluecove Library, this library requires root privileges to do certain actions that I require in my project. I should note here that despite the project being Java based it is for Linux only.
The project will have many functions that do not require root privileges, some of which will have to interact with the root privilege functions and some that will not.
Additionally, the project will execute programs such as hciconfig using user inputted data under root privileges.
All this root activity has led me to be concerned about the security of my system. The target machine would be the user's own computer and there is no intention of running this system on some public terminal but security is still important as unknown external bluetooth devices will be capable of interacting with this system.
So far my security measures have involved heavily filtering user input, and paying very careful attention to all actions that external bluetooth devices will cause the system to perform but I am growing increasingly unhappy with this.
What would people recommend? One thought would be to split the system in to two or three modules, one containing the GUI and non-root backend, one containing the Bluecove root backend and possibly a root wrapper for hciconfig and the other tools used.
I have noticed some programs, for example Apache, that once run "drop down" their privileges. How is this achieved and is this effective?
What apache does it the setuid system call (in libc), which as you noted, effectively drops down the privilege of the process. You can make libc call via JNI, or JNA.
This works very well, even for Java programs, except that once you go from root to non-root, you won't be able to perform any operations that require the elevated privileges. So the technique can be only used if all the privileged operations can be done upfront, like Apache does.
Another possibility is to divide your program into two processes --- when launched, your program forks another program that runs as root, then have the original one demote to the non-root. Two processes can communicate over their stdin/stdout.