[esb-issues] [JBoss JIRA] Commented: (JBESB-1561) Groovy security compromised
Jiri Pechanec (JIRA)
jira-events at lists.jboss.org
Tue Feb 26 09:01:42 EST 2008
[ http://jira.jboss.com/jira/browse/JBESB-1561?page=comments#action_12400588 ]
Jiri Pechanec commented on JBESB-1561:
--------------------------------------
Sounds good as short-term solution but in long term we cannot avoid the SecurityManager use - if/when there will be release dedicated to security
> Groovy security compromised
> ---------------------------
>
> Key: JBESB-1561
> URL: http://jira.jboss.com/jira/browse/JBESB-1561
> Project: JBoss ESB
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Rosetta, Adapters
> Affects Versions: 4.2.1 CP1
> Reporter: Martin Vecera
> Assigned To: Tom Fennelly
> Priority: Critical
> Fix For: 4.3, 4.2.1 CP2
>
> Attachments: malgroovy.tgz
>
>
> GroovyActionProcess allows execution of malicious code. This code can be sent via esb message. See attached example (modified QS).
> Credit goes to Jirka Pechanec for this great idea!
> Proposed solution: code support for SecurityManager.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the esb-issues
mailing list