Question

I'm working on a closed source Java app that analyzes JAR files. Since Java can be easily decompiled, and obfuscation really isn't a big deal, I want to provide an online service that will execute the app on my server and return its result much like fernflower here: www.reversed-java.com/fernflower/.

Problem is, I fear that's a recipe for disaster having my app load any potentially harmful jars on the server, even though I'm never running the jars. All I'm doing is loading them using URLClassLoader and JarInputStream.

Can a jar I am loading override classes in my original app in order to execute malicious code, or mess up my program?

What are the risks in dynamically loading jars?


Solution

What are the risks in dynamically loading jars?

There are no risks of dynamically loading per se. The risks are really the risks of running untrusted code. If you do that without taking the appropriate precautions, you risk having your machine totally compromised.

If you are going to do this kind of thing, at the very least you should run untrusted code in a sandbox that stops it from doing anything potentially harmful. For instance, you need to block reading and writing local files, running external processes, using reflection, accessing system properties, and so on. And you may want to stop it creating threads, creating sockets, and other things that consume system resources.

Finally, you need to consider the case where some untrusted JAR has a method that is an infinite loop. This is a problem that can't be dealt with using security sandboxes. Indeed, the only bomb-proof way to get rid of a looping thread is to exit the JVM and restart it.

Can a jar I'm loading override classes in my original app in order to execute malicious code, or mess up my program?

I don't think it can easily override your classes, but there are lots of other ways for untrusted code to "mess up" your world; see above. (And if the untrusted code can execute reflective code, then it possibly can override your classes by messing around with the classloader's private data structures.)

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
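The answer's point that a looping thread can only be reliably stopped by exiting the JVM suggests running each analysis in a disposable child JVM with a hard timeout. The sketch below is an added example, not part of the original answer; `analyzer.jar`, `AnalyzerMain`, the 256 MB heap cap and a Linux server running Java 11 or later are assumptions.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;
import java.util.concurrent.TimeUnit;

/** Runs the JAR analysis in a disposable child JVM so a hung or hostile run can be killed. */
public class IsolatedAnalysis {

    // Hypothetical names: the analyzer is assumed to be packaged as analyzer.jar with a
    // main class AnalyzerMain that takes the uploaded JAR path as its only argument.
    private static final String ANALYZER_CLASSPATH = "analyzer.jar";
    private static final String ANALYZER_MAIN = "AnalyzerMain";

    public static String analyze(Path uploadedJar, long timeoutSeconds)
            throws IOException, InterruptedException {
        String javaBin = Path.of(System.getProperty("java.home"), "bin", "java").toString();
        Path workDir = Files.createTempDirectory("analysis-");   // empty scratch directory
        File report = workDir.resolve("report.txt").toFile();

        ProcessBuilder pb = new ProcessBuilder(List.of(
                javaBin,
                "-Xmx256m",                 // cap heap so one upload cannot exhaust server memory
                "-cp", Path.of(ANALYZER_CLASSPATH).toAbsolutePath().toString(),
                ANALYZER_MAIN,
                uploadedJar.toAbsolutePath().toString()));
        pb.directory(workDir.toFile());
        pb.environment().clear();           // keep server secrets in env vars out of the child
        pb.redirectErrorStream(true);
        pb.redirectOutput(report);          // write to a file so a full pipe never blocks the child

        Process child = pb.start();
        if (!child.waitFor(timeoutSeconds, TimeUnit.SECONDS)) {
            // Infinite loop or stall: the whole child JVM goes away, not just one thread.
            child.destroyForcibly().waitFor();
            throw new IOException("analysis timed out after " + timeoutSeconds + "s");
        }
        if (child.exitValue() != 0) {
            throw new IOException("analyzer exited with code " + child.exitValue());
        }
        return Files.readString(report.toPath());
    }

    public static void main(String[] args) throws Exception {
        System.out.println(analyze(Path.of(args[0]), 30));
    }
}
```

Process isolation covers only the hang and memory cases; the file, network and process restrictions the answer lists still have to come from a sandbox or from the OS account or container the child JVM runs under.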