Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / General / May 2007

Tip: Looking for answers? Try searching our database.

Deadly Libs

Thread view: 
Enable EMail AlertsStart New Thread
Volker Raum - 08 May 2007 13:36 GMT
Hi everyone,

i would like to hear some thoughts about a problem i stumbled upon while thinking about writing a
modulebased software.

Following situation:
I got a main functionality coded in a Java program. (JSE or JEE doesnt matter, i think)
To extend this functionality i will give 3rd parties the opportunity to develop extensions.
Those are called from the main program via a methodcall within the same virtual machine.
Maybe the 3rd party did a mistake or simply coded malware like

public void aMethod()
{
    while(true) {
    }
}

Calling this method will cause a severe CPU Utilisation problem.

The simple question is: how do i avoid this?
An extra thread will not help i think, because the method still causes CPU utilisation.
And what do i do with such a "never ending" thread? i cant kill it from "extern" after started.

So, any thoughts?

greets,
Volker
Reply to this Message
Lew - 08 May 2007 13:51 GMT
> I got a main functionality coded in a Java program. (JSE or JEE doesnt
> matter, i think)
[quoted text clipped - 17 lines]
> And what do i do with such a "never ending" thread? i cant kill it from
> "extern" after started.

The 3rd party could do the same thing in code not extended from your library, too.

You are asking how to prevent others from writing bad code.

You really can't.

You can create a sandbox (perhaps using a combination of ClassLoaders and
Threads) to run others's code for certain applications, such as for
instructors grading programming instructors.  Monitoring threads can "decide"
if a thread has gone on "too long" and interrupt it.

When writing APIs for extension one can do certain things to restrict clients'
abuse.  You can declare methods final, preventing them from being overridden.
 Keep all instance variables private.  Do not call overridable methods in
constructors.  Make them derive from an abstract class that ensures key
invariants.

You cannot generally prevent bad code, but you can mitigate it by firing bad
programmers and continuing to train the good ones.

Signature

Lew

Reply to this Message
Lew - 08 May 2007 14:16 GMT
> I got a main functionality coded in a Java program. (JSE or JEE doesnt
> matter, i think)
[quoted text clipped - 17 lines]
> And what do i do with such a "never ending" thread? i cant kill it from
> "extern" after started.

The 3rd party could do the same thing in code not extended from your library, too.

You are asking how to prevent others from writing bad code.

You really can't.

You can create a sandbox (perhaps using a combination of ClassLoaders and
Threads) to run others's code for certain applications, such as for
instructors grading programming assignments.  Monitoring threads can "decide"
if a thread has gone on "too long" and interrupt it.

When writing APIs for extension one can do certain things to restrict clients'
abuse.  You can declare methods final, preventing them from being overridden.
 Keep all instance variables private.  Do not call overridable methods in
constructors.  Make them derive from an abstract class that ensures key
invariants.

You cannot generally prevent bad code, but you can mitigate it by firing bad
programmers and continuing to train the good ones.

Signature

Lew

Reply to this Message
Robert Klemme - 08 May 2007 15:28 GMT
> Hi everyone,
>
[quoted text clipped - 19 lines]
>
> The simple question is: how do i avoid this?

Simple answer: you don't.

In practice though this is a rarely if ever seen scenario.  You'd simply
stop using such a library, wouldn't you?

> An extra thread will not help i think, because the method still causes
> CPU utilisation.
> And what do i do with such a "never ending" thread? i cant kill it from
> "extern" after started.
>
> So, any thoughts?

You are worrying too much - unless you want to create a system that
should download arbitrary code from /somewhere/ and be robust against
bugs and malicious attacks.  But then you also need to address a lot of
other issues (preventing disk accesses etc.) and you probably want to
look into Java's security model.

Kind regards

    robert
Reply to this Message
Tom Hawtin - 08 May 2007 17:39 GMT
> Maybe the 3rd party did a mistake or simply coded malware like
>
[quoted text clipped - 7 lines]
>
> The simple question is: how do i avoid this?

There are lots of ways of causing DoS from mobile code. Applets are not
immune from it. The only effective way of dealing with such code in Java
is to start it in a new process, which can then be sacrificed. The
typical way of dealing with such things is not to run code that attempts
a DoS whether deliberately or not.

Tom Hawtin
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.