Have test_openssl.rb be explicit about security checks it adds #853
Conversation
|
This is a very interesting commit. I will try to review it this week and see about getting it in. We have long wanted to do a better job of integrating JVM security model with Ruby, including things like gracefully disabling features for which we do not have permissions, presenting a security API similar to the JVMs for Ruby use (disable eval, limit IO, restrict FFI binding of libraries, etc). |
|
While I'm reviewing, maybe you could take another look over this. I think we will just merge this to master, since the functionality change is not immediately visible to a typical 1.7.x user, and this will fit into the plan of building a better security model for Ruby in JRuby. |
|
Is there some design doc about the Ruby security API or at least collection of ideas? I feel that this commit is useful anyway, since it allows to reproduce restricted flows in the tests, which can be handy to get a good grasp on required permissions even for JRuby flows. For example, it is a bit weird to me that to load OpenSSL one needs to write user.timezone, but I guess the cleanup can be deferred. |
|
As long the openssl still requires security manager checks, I think this commit is still valid. I believe my intention was to make sure that JRuby tests are conscious about what security manager checks are introduced. |
... transplanted from jruby/jruby#853
|
Finally - moved, with some tunings, into jruby-openssl, thanks Dmitry |
Hey all,
With this commit I'm trying to get JRuby more explicit about the security checks it requires to run. There are three parts to this commit:
Please let me know what you think. Assuming this gets merged in, I'd like to tackle test_load.rb next to provide some motivation to get rid of CompoundJar loader. ;)