确保我的 Java 程序安全

发布于 2024-08-20 16:39:32 字数 678 浏览 11 评论 0原文

我有一个使用 Bluecove 库的 Java 项目,该库需要 root 权限才能执行我在我的项目中需要的某些操作项目。我应该在这里指出,尽管该项目是基于 Java 的,但它仅适用于 Linux。

该项目将具有许多不需要 root 权限的功能,其中一些必须与 root 权限功能交互,而另一些则不需要。

此外,该项目还将在 root 权限下使用用户输入的数据执行诸如 hciconfig 之类的程序。

所有这些根活动让我开始担心我的系统的安全性。目标机器将是用户自己的计算机,并且无意在某些公共终端上运行该系统,但安全性仍然很重要,因为未知的外部蓝牙设备将能够与该系统交互。

到目前为止,我的安全措施涉及大量过滤用户输入,并非常仔细地关注外部蓝牙设备将导致系统执行的所有操作,但我对此越来越不满意。

人们会推荐什么?一种想法是将系统分成两个或三个模块,一个包含 GUI 和非根后端,一个包含 Bluecove 根后端,可能还包含 hciconfig 和其他使用工具的根包装器。

我注意到一些程序,例如 Apache,一旦运行就会“降低”其权限。这是如何实现的并且有效吗?

I have a Java project that uses the Bluecove Library, this library requires root privileges to do certain actions that I require in my project. I should note here that despite the project being Java based it is for Linux only.

The project will have many functions that do not require root privileges, some of which will have to interact with the root privilege functions and some that will not.

Additionally, the project will execute programs such as hciconfig using user inputted data under root privileges.

All this root activity has led me to be concerned about the security of my system. The target machine would be the user's own computer and there is no intention of running this system on some public terminal but security is still important as unknown external bluetooth devices will be capable of interacting with this system.

So far my security measures have involved heavily filtering user input, and paying very careful attention to all actions that external bluetooth devices will cause the system to perform but I am growing increasingly unhappy with this.

What would people recommend? One thought would be to split the system in to two or three modules, one containing the GUI and non-root backend, one containing the Bluecove root backend and possibly a root wrapper for hciconfig and the other tools used.

I have noticed some programs, for example Apache, that once run "drop down" their privileges. How is this achieved and is this effective?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

梦里梦着梦中梦 2024-08-27 16:39:32

apache 做了什么 setuid 系统调用(在 libc 中),正如您所指出的,它有效地降低了进程的权限。您可以通过 JNI 或 JNA 进行 libc 调用。

即使对于 Java 程序,这也非常有效,只不过一旦从 root 变为非 root,您将无法执行任何需要提升权限的操作。因此,只有所有特权操作都可以像 Apache 那样预先完成,才能使用该技术。

另一种可能性是将您的程序分为两个进程——启动时,您的程序会分叉另一个以 root 身份运行的程序,然后将原始程序降级为非 root 身份。两个进程可以通过其标准输入/标准输出进行通信。

What apache does it the setuid system call (in libc), which as you noted, effectively drops down the privilege of the process. You can make libc call via JNI, or JNA.

This works very well, even for Java programs, except that once you go from root to non-root, you won't be able to perform any operations that require the elevated privileges. So the technique can be only used if all the privileged operations can be done upfront, like Apache does.

Another possibility is to divide your program into two processes --- when launched, your program forks another program that runs as root, then have the original one demote to the non-root. Two processes can communicate over their stdin/stdout.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文