JDK-8024206

Plugin: Require Permissions Attribute for High Security Setting

Details

    • b02
    • Verified

      Description

        Requirement:
        Tighten the restrictions on the Java plugin so that use of the Permissions attribute becomes mandatory rather than optional for systems running at the "high" (default) security level. The Codebase attribute must remain optional.

        Background:

        As part of the tightening of security for running Java code through a web browser in 7u25, we introduced new attributes in an application's manifest that allow the developer to specify whether the application is meant to be deployed as requiring elevated permissions or as a sandbox application.

        The permissions attribute was optional. For this release we want to restrict the "high" (default) security level so that this attribute is required. The "codebase" attribute remains optional.

        A360: http://oracleplan.oracle.com/goto?ra_=entity&entityType=FEATURE&entityId=1117106

        Request from SQE for all feature descriptions for Jan CPU to include the following analysis:

        Sandeep Konchady added a comment - 2013-09-05 13:30 - Restricted to Confidential
        I would like for all features going into Jan CPU to have the following analysis and signed off by QE

        Summary
        -------

        Making the Permissions attribute mandatory at the default security level helps reduce repurposing of JARs.


        Success Metrics
        ---------------

        Verify that applications without the Permissions attribute are blocked at High and Very High.

        Motivation
        ----------

        Increase security (see Summary)

        Description
        -----------

        - Set the default value of SEC_PERMISSIONS_MANIFEST_REQUIRED_KEY to true (the default level is High, and the key is true at High).
        - Set the property explicitly to the new default.
        - Set it to true for the High as well as the Very High level.

        Alternatives
        ------------

        NA

        Testing
        -------

        Unit test is part of fix
        SQE tests will require updating to make sure that applications without the Permissions attribute are blocked at the High and Very High security levels, but pass at Medium.
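        As an added example (not code from the JDK plugin or from this issue), the following Python audit script applies the level table described in the Description and Testing sections to a JAR's manifest: it parses META-INF/MANIFEST.MF, looks for the Permissions attribute, and reports whether the application would be blocked at Medium, High or Very High. The level names used as keys, the constructed sample manifests, and the treatment of an unrecognised Permissions value are assumptions.

```python
import io
import zipfile

# Level table reconstructed from the issue text (block at High and Very High,
# pass at Medium); the level names used as keys are assumptions.
PERMISSIONS_REQUIRED = {"medium": False, "high": True, "very high": True}
VALID_PERMISSIONS = {"sandbox", "all-permissions"}  # values the attribute accepts

def parse_manifest(text):
    """Parse the main section of a MANIFEST.MF into a dict with lower-case keys."""
    attrs, last = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            break  # blank line ends the main section; per-entry sections follow
        if raw.startswith(" ") and last is not None:  # continuation line
            attrs[last] += raw[1:]
            continue
        name, _, value = raw.partition(":")
        last = name.strip().lower()
        attrs[last] = value.strip()
    return attrs

def evaluate_jar(jar_bytes, level):
    """Decide whether this JAR may launch at the given security level."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        try:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8")
        except KeyError:  # no manifest at all: same as no Permissions attribute
            manifest = ""
    perms = parse_manifest(manifest).get("permissions")
    if perms is None:
        if PERMISSIONS_REQUIRED[level]:
            return "blocked", "Permissions attribute missing from manifest"
        return "allowed", "Permissions attribute optional at this level"
    if perms not in VALID_PERMISSIONS:
        # Assumption: an unrecognised value is treated as missing, not as sandbox.
        return "blocked", f"unrecognised Permissions value {perms!r}"
    return "allowed", f"Permissions: {perms}"

def build_jar(manifest_text=None):
    """Constructed sample JAR containing only a manifest (or no manifest at all)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if manifest_text is not None:
            zf.writestr("META-INF/MANIFEST.MF", manifest_text)
    return buf.getvalue()

# Constructed sample manifests: a pre-change one without Permissions, and an updated one.
LEGACY = "Manifest-Version: 1.0\r\nMain-Class: com.example.Applet\r\n\r\n"
UPDATED = "Manifest-Version: 1.0\r\nPermissions: sandbox\r\nCodebase: https://example.com\r\n\r\n"
```

Running `evaluate_jar(build_jar(LEGACY), "high")` returns `("blocked", ...)` while the same JAR at `"medium"` is allowed, which is the behaviour the SQE tests are meant to confirm.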

        Risks and Assumptions
        ---------------------

        Low risk: the mechanism for blocking based on security level is already in place; the main change is a simple table change.

        Dependencies
        ------------

        none

        Impact
        ------

          - Compatibility: Different behaviour at the default security level. Applications will break at the default security level until developers update them with the Permissions attribute.
          - Security: More secure.
          - User experience: Applications that haven't been updated will fail at the default level. This may encourage users to lower the security level to Medium, countering other security measures.
          - TCK: Unknown. Should be run.
          - Doc impact: Developers need to be told that the default requirements are changing.

        People

          mhowe Mark Howe (Inactive)
          mwthomps Marty Thompson