Raynes / clojail

A control freak's best friend
Eclipse Public License 1.0

what is this I don't even #12

Open lukism opened 8 years ago

lukism commented 8 years ago

I was trying to make a command that evaluates Clojure in a sandbox and got stuck with an error

code:

(ns bot.modules.sb-eval
  (:require [bot.registry :as registry])
  (:use [clojail.core :only [sandbox]]
        [clojail.testers :only [secure-tester]]))

(def sb (sandbox secure-tester :timeout 5000))

(println (sb '(+ 3 3)))

error:

Exception in thread "main" java.util.concurrent.ExecutionException: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "createClassLoader"), compiling:(bot/modules/sb_eval.clj:8:1)
    at clojure.lang.Compiler.load(Compiler.java:7391)
    at clojure.lang.RT.loadResourceScript(RT.java:372)
    at clojure.lang.RT.loadResourceScript(RT.java:363)
    at clojure.lang.RT.load(RT.java:453)
    at clojure.lang.RT.load(RT.java:419)
    at clojure.core$load$fn__5677.invoke(core.clj:5893)
    at clojure.core$load.invokeStatic(core.clj:5892)
    at clojure.core$load.doInvoke(core.clj:5876)
    at clojure.lang.RestFn.invoke(RestFn.java:408)
    at clojure.core$load_one.invokeStatic(core.clj:5697)
    at clojure.core$load_one.invoke(core.clj:5692)
    at clojure.core$load_lib$fn__5626.invoke(core.clj:5737)
    at clojure.core$load_lib.invokeStatic(core.clj:5736)
    at clojure.core$load_lib.doInvoke(core.clj:5717)
    at clojure.lang.RestFn.applyTo(RestFn.java:142)
    at clojure.core$apply.invokeStatic(core.clj:648)
    at clojure.core$load_libs.invokeStatic(core.clj:5774)
    at clojure.core$load_libs.doInvoke(core.clj:5758)
    at clojure.lang.RestFn.applyTo(RestFn.java:137)
    at clojure.core$apply.invokeStatic(core.clj:648)
    at clojure.core$require.invokeStatic(core.clj:5796)
    at clojure.core$require.doInvoke(core.clj:5796)
    at clojure.lang.RestFn.invoke(RestFn.java:408)
    at bot.core$eval258$fn__259.invoke(core.clj:11)
    at clojure.core$map$fn__4785.invoke(core.clj:2644)
    at clojure.lang.LazySeq.sval(LazySeq.java:40)
    at clojure.lang.LazySeq.seq(LazySeq.java:49)
    at clojure.lang.RT.seq(RT.java:521)
    at clojure.core$seq__4357.invokeStatic(core.clj:137)
    at clojure.core$dorun.invokeStatic(core.clj:3024)
    at clojure.core$dorun.invoke(core.clj:3024)
    at bot.core$eval258.invokeStatic(core.clj:10)
    at bot.core$eval258.invoke(core.clj:10)
    at clojure.lang.Compiler.eval(Compiler.java:6927)
    at clojure.lang.Compiler.load(Compiler.java:7379)
    at clojure.lang.RT.loadResourceScript(RT.java:372)
    at clojure.lang.RT.loadResourceScript(RT.java:363)
    at clojure.lang.RT.load(RT.java:453)
    at clojure.lang.RT.load(RT.java:419)
    at clojure.core$load$fn__5677.invoke(core.clj:5893)
    at clojure.core$load.invokeStatic(core.clj:5892)
    at clojure.core$load.doInvoke(core.clj:5876)
    at clojure.lang.RestFn.invoke(RestFn.java:408)
    at clojure.core$load_one.invokeStatic(core.clj:5697)
    at clojure.core$load_one.invoke(core.clj:5692)
    at clojure.core$load_lib$fn__5626.invoke(core.clj:5737)
    at clojure.core$load_lib.invokeStatic(core.clj:5736)
    at clojure.core$load_lib.doInvoke(core.clj:5717)
    at clojure.lang.RestFn.applyTo(RestFn.java:142)
    at clojure.core$apply.invokeStatic(core.clj:648)
    at clojure.core$load_libs.invokeStatic(core.clj:5774)
    at clojure.core$load_libs.doInvoke(core.clj:5758)
    at clojure.lang.RestFn.applyTo(RestFn.java:137)
    at clojure.core$apply.invokeStatic(core.clj:648)
    at clojure.core$require.invokeStatic(core.clj:5796)
    at clojure.core$require.doInvoke(core.clj:5796)
    at clojure.lang.RestFn.invoke(RestFn.java:408)
    at user$eval5$fn__7.invoke(form-init767063852949366950.clj:1)
    at user$eval5.invokeStatic(form-init767063852949366950.clj:1)
    at user$eval5.invoke(form-init767063852949366950.clj:1)
    at clojure.lang.Compiler.eval(Compiler.java:6927)
    at clojure.lang.Compiler.eval(Compiler.java:6917)
    at clojure.lang.Compiler.load(Compiler.java:7379)
    at clojure.lang.Compiler.loadFile(Compiler.java:7317)
    at clojure.main$load_script.invokeStatic(main.clj:275)
    at clojure.main$init_opt.invokeStatic(main.clj:277)
    at clojure.main$init_opt.invoke(main.clj:277)
    at clojure.main$initialize.invokeStatic(main.clj:308)
    at clojure.main$null_opt.invokeStatic(main.clj:342)
    at clojure.main$null_opt.invoke(main.clj:339)
    at clojure.main$main.invokeStatic(main.clj:421)
    at clojure.main$main.doInvoke(main.clj:384)
    at clojure.lang.RestFn.invoke(RestFn.java:421)
    at clojure.lang.Var.invoke(Var.java:383)
    at clojure.lang.AFn.applyToHelper(AFn.java:156)
    at clojure.lang.Var.applyTo(Var.java:700)
    at clojure.main.main(main.java:37)
Caused by: java.util.concurrent.ExecutionException: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "createClassLoader")
    at java.util.concurrent.FutureTask.report(FutureTask.java:122)
    at java.util.concurrent.FutureTask.get(FutureTask.java:206)
    at clojail.core$thunk_timeout.invokeStatic(core.clj:38)
    at clojail.core$thunk_timeout.invoke(core.clj:24)
    at clojail.core$sandbox_STAR_$fn__1196.doInvoke(core.clj:223)
    at clojure.lang.RestFn.invoke(RestFn.java:425)
    at clojure.lang.AFn.applyToHelper(AFn.java:156)
    at clojure.lang.RestFn.applyTo(RestFn.java:132)
    at clojure.core$apply.invokeStatic(core.clj:650)
    at clojure.core$apply.invoke(core.clj:641)
    at clojail.core$sandbox$fn__1203.doInvoke(core.clj:237)
    at clojure.lang.RestFn.invoke(RestFn.java:410)
    at bot.modules.sb_eval$eval1380.invokeStatic(sb_eval.clj:8)
    at bot.modules.sb_eval$eval1380.invoke(sb_eval.clj:8)
    at clojure.lang.Compiler.eval(Compiler.java:6927)
    at clojure.lang.Compiler.load(Compiler.java:7379)
    ... 76 more
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "createClassLoader")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
    at java.security.AccessController.checkPermission(AccessController.java:884)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.SecurityManager.checkCreateClassLoader(SecurityManager.java:611)
    at java.lang.ClassLoader.checkCreateClassLoader(ClassLoader.java:274)
    at java.lang.ClassLoader.<init>(ClassLoader.java:316)
    at java.security.SecureClassLoader.<init>(SecureClassLoader.java:76)
    at java.net.URLClassLoader.<init>(URLClassLoader.java:100)
    at clojure.lang.DynamicClassLoader.<init>(DynamicClassLoader.java:41)
    at clojure.lang.RT$7.run(RT.java:2126)
    at java.security.AccessController.doPrivileged(Native Method)
    at clojure.lang.RT.makeClassLoader(RT.java:2121)
    at clojure.lang.Compiler.eval(Compiler.java:6897)
    at clojure.lang.Compiler.eval(Compiler.java:6890)
    at clojure.core$eval.invokeStatic(core.clj:3105)
    at clojure.core$eval.invoke(core.clj:3101)
    at clojail.core$evaluator$fn__1182$fn__1183$fn__1184.invoke(core.clj:162)
    at clojail.jvm$priv_action$fn__487.invoke(jvm.clj:31)
    at clojail.jvm.proxy$java.lang.Object$PrivilegedAction$810645dd.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:93)
    at clojure.lang.Reflector.invokeStaticMethod(Reflector.java:207)
    at clojail.jvm$jvm_sandbox.invokeStatic(jvm.clj:36)
    at clojail.jvm$jvm_sandbox.invoke(jvm.clj:33)
    at clojail.core$evaluator$fn__1182$fn__1183.invoke(core.clj:162)
    at clojure.lang.AFn.applyToHelper(AFn.java:152)
    at clojure.lang.AFn.applyTo(AFn.java:144)
    at clojure.core$apply.invokeStatic(core.clj:646)
    at clojure.core$with_bindings_STAR_.invokeStatic(core.clj:1881)
    at clojure.core$with_bindings_STAR_.doInvoke(core.clj:1881)
    at clojure.lang.RestFn.invoke(RestFn.java:425)
    at clojail.core$evaluator$fn__1182.invoke(core.clj:162)
    at clojure.lang.AFn.call(AFn.java:18)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.lang.Thread.run(Thread.java:745)

hypirion commented 8 years ago

You need to add a Java policy; a default one can be placed at ~/.java.policy. The most liberal one is probably https://github.com/Raynes/clojail/blob/master/example.policy and is fine if you have control over the sandbox yourself.

lukism commented 8 years ago

Any existing policy for a public bot where I don't trust people?

hypirion commented 8 years ago

Well, the policy in itself is no good security-wise. However, I'm pretty sure both TryClojure and lazybot use that policy, but they use it with the secure-tester tester in clojail.testers, which severely limits the calls a user can make. It's been battle-tested for quite some time, so for a bot I would argue that should be sufficient.
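
An added example, not part of the thread and not clojail's own code: a bot command built on the same `sandbox`/`secure-tester` call as the issue, which reports whether a form was stopped by the tester, by the JVM permission check seen in the stack trace, or by the timeout. `eval-untrusted`, `root-cause` and the result keys are hypothetical names, and the mapping of exception types to layers is an assumption based on the trace above and on a tester rejection surfacing as `SecurityException`.

```clojure
(ns example.sb-eval
  (:require [clojail.core :refer [sandbox]]
            [clojail.testers :refer [secure-tester]])
  (:import (java.security AccessControlException)
           (java.util.concurrent TimeoutException)))

;; Same construction as in the issue: secure-tester plus a 5 s timeout.
;; Assumes a policy file such as ~/.java.policy is already in place.
(def sb (sandbox secure-tester :timeout 5000))

(defn root-cause
  "Innermost cause of t; failures from the sandbox thread arrive wrapped in
  ExecutionException, as the stack trace in the issue shows."
  [^Throwable t]
  (if-let [c (.getCause t)] (recur c) t))

(defn eval-untrusted
  "Hypothetical bot helper: evaluates one form read from `text` and returns
  a map naming the layer that stopped it, instead of throwing."
  [text]
  (try
    ;; *read-eval* off so #=(...) in the input is not run by the reader.
    (let [form (binding [*read-eval* false] (read-string text))]
      ;; pr-str runs inside the sandbox, so a lazy result is realized under
      ;; the timeout rather than later in the bot's own thread.
      {:status :ok :value (sb (list 'pr-str form))})
    (catch TimeoutException _
      {:status :timeout})
    (catch Exception e
      (let [^Throwable c (root-cause e)]
        (cond
          ;; AccessControlException is a subclass of SecurityException,
          ;; so it has to be tested first.
          (instance? AccessControlException c)
          {:status :denied-by-jvm :message (.getMessage c)}

          ;; Assumption: a tester rejection surfaces as SecurityException.
          (instance? SecurityException c)
          {:status :rejected-by-tester :message (.getMessage c)}

          :else
          {:status :error :message (.getMessage c)})))))

(comment
  (eval-untrusted "(+ 3 3)")
  (eval-untrusted "(eval '(+ 3 3))"))
```

A `:denied-by-jvm` result for a harmless form such as `(+ 3 3)` is the symptom reported in this issue and points at a missing policy file rather than at the user's input.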