What are the security risks I should guard against when running user-supplied Java code?

Question

Is there a comprehensive list of the security issues with running user-supplied Java code on a server? I\'m already

• using timeouts of 10 seconds
• runni

Answer 1

The question I'd ask myself is, 'How much do I trust the people, and how much do I trust that their code won't break my system?' In general, my answer would be not much, and not as far as I could throw 'em. But, off the top of my head, here are some things I would want to guard against.

• Infinite loops (timeouts help)
• Dodgy I/O operations (trying to read/write from/to directories they have no access to)
• Privilege escalation code (limiting the account to only be able to execute in a specific context, or with specific permissions is a huge plus)
• Creation of too many objects/removing memory (limiting available memory and/or resources is a plus here)
• Reading/writing from/to a socket and not releasing the resource
• Expecting input from STDIN, which may be problematic if the server is headless

There are plenty more to be wary for, so I would tread carefully. Safeguard each account and /home directory from one another as best as you can (a simple chmod 700 $HOME will often do it), and experiment with code that you would consider dodgy before deploying publicly. Once you're comfortable with how well the server holds up, allow others to test your server and see how well it goes.