Security concern in SWT/RCP [message #439423]
Tue, 08 November 2005 02:07
Eclipse User
Hi,
Sorry if this has been solved or is irrelevant to RCP at all.
Most RCP applications are single-user based. When using RCP and OSGi as
a general desktop manager for multiple SWT applications (bundles), I see
there's a security threat when a single SWT Display instance for multiple
top-level (primary) shells is used.
Malicious apps can easily add filters for any untyped event to the display
object, for example, Display.addFilter(SWT.KeyDown, myListener), to sniff
the key events from any active shell or focused widget.
Does the RCP application model define some isolation mechanism to prevent this
from happening? Or should SWT Display do something?
See the test code below:
import java.util.Vector;

import org.eclipse.swt.SWT;
import org.eclipse.swt.layout.FillLayout;
import org.eclipse.swt.widgets.Display;
import org.eclipse.swt.widgets.Event;
import org.eclipse.swt.widgets.Listener;
import org.eclipse.swt.widgets.Shell;
import org.eclipse.swt.widgets.Text;

public class Demo implements Listener {
    Display display;
    Text textArea;
    Vector shellManager = new Vector(); // open shells; the event loop ends when all are disposed

    public void runTest() {
        display = new Display();
        // A display filter sees every KeyDown before any widget in any shell on this display
        display.addFilter(SWT.KeyDown, this);

        final Shell shell1 = new Shell(display);
        shellManager.addElement(shell1);
        shell1.setText("Sniffer shell");
        shell1.setSize(200, 200);
        shell1.setLayout(new FillLayout());
        textArea = new Text(shell1, SWT.MULTI);
        shell1.addListener(SWT.Dispose, new Listener() {
            public void handleEvent(Event event) {
                shellManager.remove(shell1);
            }
        });
        shell1.open();

        // Display.getDefault() returns the display already created on this thread,
        // so the "victim" shell shares the display (and its filters) with the sniffer
        Display display2 = Display.getDefault();
        final Shell shell2 = new Shell(display2);
        shellManager.addElement(shell2);
        shell2.setText("Victim shell");
        shell2.setSize(200, 200);
        shell2.addListener(SWT.Dispose, new Listener() {
            public void handleEvent(Event event) {
                shellManager.remove(shell2);
            }
        });
        shell2.open();

        while (shellManager.size() != 0) {
            if (!display.readAndDispatch())
                display.sleep();
        }
        display.dispose();
    }

    public static void main(String[] args) {
        Demo demo = new Demo();
        demo.runTest();
    }

    /*
     * (non-Javadoc)
     *
     * @see org.eclipse.swt.widgets.Listener#handleEvent(org.eclipse.swt.widgets.Event)
     */
    public void handleEvent(Event event) {
        // Called for key presses in either shell, including those typed into the victim
        System.out.println("E: " + event);
        textArea.append("Key: " + (char) event.keyCode + "\n");
    }
}
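An added audit helper, not from the original post and not part of SWT, that a host application can use to see which listeners are hooked as KeyDown filters on its Display and which of them were loaded by a class loader other than the host's (in OSGi, another bundle). SWT offers no public API to enumerate filters, so it reads the internal fields Display.filterTable and EventTable.types/listeners via reflection; those names are an assumption taken from SWT's sources and may change between versions.

```java
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.List;

import org.eclipse.swt.SWT;
import org.eclipse.swt.widgets.Display;
import org.eclipse.swt.widgets.Listener;

/** Hypothetical audit helper: lists the filters hooked on a Display for one event type. */
public final class DisplayFilterAudit {

    /** One hooked filter: the event type it receives and the listener receiving it. */
    public record HookedFilter(int eventType, Listener listener) {}

    /**
     * Reads Display.filterTable (internal, unsupported) and returns every filter hooked for
     * eventType, e.g. SWT.KeyDown. Unused or unhooked slots in EventTable have type 0 and a
     * null listener, so both are checked. Field names are assumed from SWT's sources.
     */
    public static List<HookedFilter> filtersFor(Display display, int eventType)
            throws ReflectiveOperationException {
        List<HookedFilter> found = new ArrayList<>();
        Field tableField = Display.class.getDeclaredField("filterTable");
        tableField.setAccessible(true);
        Object table = tableField.get(display);
        if (table == null) return found;                  // nothing has called addFilter yet
        Field typesField = table.getClass().getDeclaredField("types");
        Field listenersField = table.getClass().getDeclaredField("listeners");
        typesField.setAccessible(true);
        listenersField.setAccessible(true);
        int[] types = (int[]) typesField.get(table);
        Listener[] listeners = (Listener[]) listenersField.get(table);
        for (int i = 0; i < types.length; i++) {
            if (types[i] == eventType && listeners[i] != null)
                found.add(new HookedFilter(types[i], listeners[i]));
        }
        return found;
    }

    /** True when the listener class was not loaded by the host's own class loader. */
    public static boolean isForeign(HookedFilter f, ClassLoader hostLoader) {
        return f.listener().getClass().getClassLoader() != hostLoader;
    }

    public static void main(String[] args) throws Exception {
        Display display = new Display();
        display.addFilter(SWT.KeyDown, e -> {});         // stand-in for a third-party filter
        ClassLoader host = DisplayFilterAudit.class.getClassLoader();
        for (HookedFilter f : filtersFor(display, SWT.KeyDown))
            System.out.println(f.listener().getClass().getName() + (isForeign(f, host) ? " [FOREIGN]" : " [host]"));
        display.dispose();
    }
}
```

Run it from the host's UI thread after the workbench has started; any listener flagged FOREIGN is a bundle other than the host receiving every key press on the shared display.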
Re: Security concern in SWT/RCP [message #439449 is a reply to message #439423]
Tue, 08 November 2005 08:37
Eclipse User
Originally posted by: Lamont_Gilbert.rigidsoftware.com
I don't think this is the place for security. You need to prevent
malicious apps from being on your system in the first place. If the
user has run such an app, there will always be a way for it to mess over
your product.
History (Microsoft vs. Netscape vs. WordPerfect, etc.) should indicate
as much.
CL
Re: Security concern in SWT/RCP [message #439457 is a reply to message #439423]
Tue, 08 November 2005 10:59
Eclipse User
First, I will say that you do have a valid concern. However, you can't take
such a narrow view of the security in the Eclipse RCP.
The Eclipse RCP is, as it comes "out of the box", an entirely insecure
platform. So worrying about a "malicious app" sniffing window or keyboard
events is only the tip of a very large iceberg.
You might want to look at some of the security discussions going on in the
equinox-incubator.
http://www.eclipse.org/equinox/incubator/security/index.html
Java provides "core" security mechanisms which, in my opinion, Eclipse
should extend and embrace where appropriate. There seems to be a lot
of growing interest in security as the RCP is maturing and projects are
moving from "proof of concept" to real world deployments.
(Disclaimer: The views and opinions expressed here are my personal views and
in no way reflect the views and opinions of IBM Corp.)
--
Jay R.
IBM Software Group
Workplace, Portal and Collaboration Software
Workplace Client Technologies, Rich Edition - Security
Re: Security concern in SWT/RCP [message #439462 is a reply to message #439457]
Tue, 08 November 2005 12:30
Eclipse User
Originally posted by: Lamont_Gilbert.rigidsoftware.com
Jay Rosenthal wrote:
> Java provides "core" security mechanisms which, in my opinion, Eclipse
> should extend and embrace where appropriate. There seems to be a lot
> of growing interest in security as the RCP is maturing and projects are
> moving from "proof of concept" to real world deployments.
Java security is there so the end user can protect himself from your
application. It does not protect one application from another.
CL