Description

• Through library and built-in functions, the Maple language provides full access to the computer on which it is running. This access is limited only by the privileges of the operating-system user who started the engine. That user may nevertheless wish to restrict what the Maple language can do in certain situations, such as when executing untrusted code or when the engine runs under MapleNet. Maple engine security restricts the read, write, external calling, and system calling privileges of the Maple language; it operates inside the engine and cannot grant more than the starting user already has.


Security Model Overview

• In the Maple engine, security is implemented as a collection of lists that describe which files and directories are permitted for certain operations. These operations are grouped into categories. Associated with each category are two lists of patterns (file specifications): one lists the permitted files and the other lists the restricted files.

• With security enabled, when an operation on a file is attempted, the Maple engine tests the file against the lists associated with that operation's category to determine whether the action is permitted.


Categories of Controlled Operations

• Potentially unsafe operations performed by the Maple engine are divided into the following categories:

1. (read) reading of files or directories
2. (write) writing to files or directories
3. (extcall) loading of files for execution through an external call
4. (syscall) other commands that are potentially dangerous

• Operations in categories (1), (2), and (3) are controlled by lists of patterns (file specifications) that specify which files can be read, written, and loaded for execution through an external call, respectively.
  Category (1) is controlled by the security settings SECURE_READ_LIST and SECURE_NOREAD_LIST.
  Category (2) is controlled by the security settings SECURE_WRITE_LIST and SECURE_NOWRITE_LIST.
  Category (3) is controlled by the security settings SECURE_EXTCALL_LIST and SECURE_NOEXTCALL_LIST.
  Each of these settings holds a list of file specifications. For a description of valid file specifications, see the File Specifications for Maple Engine Security help page.

• Category (4) is controlled by the single Boolean setting SECURE_SYSCALL_ENABLED. The operations in category (4) can only be enabled or disabled as a whole; there is no per-file or per-command list for them.


Security Settings

• The security settings are stored in the Maple engine as follows:

SECURE_READ_LIST        list of file specifications for permitted read operations
SECURE_NOREAD_LIST      list of file specifications for restricted read operations
SECURE_WRITE_LIST       list of file specifications for permitted write operations
SECURE_NOWRITE_LIST     list of file specifications for restricted write operations
SECURE_EXTCALL_LIST     list of file specifications for permitted external call libraries
SECURE_NOEXTCALL_LIST   list of file specifications for restricted external call libraries
SECURE_SYSCALL_ENABLED  Boolean flag for enabling/disabling calls to system and ssystem
SECURE_MODE             Boolean flag for enabling/disabling security as a whole

• Maple engine security settings can be configured either through command line options or through the GUI interface. SECURE_MODE determines whether the engine consults the other settings at all: the file lists and the syscall flag only take effect while security is enabled.


Summary of Controlled Operations

Read Operations

• In general, any operation that attempts to open a file for reading is affected by the read settings. This includes (but is not restricted to):
  – library read operations performed explicitly through march or implicitly through libname
  – reading of Maple source files or Maple internal format files, either through the read command or implicitly by referencing names whose definitions are loaded from a library

• For these operations, if the file is deemed readable, the operation is permitted.


Write Operations

• In general, any operation that attempts to open a file for writing is affected by the write settings. This includes (but is not restricted to):
  – library save operations performed explicitly through march or implicitly through libname

• For these operations, if the file is deemed writable, the operation is permitted.


External Call Operations

• For all languages other than Java, if the library argument of the external call (for example, the LIB option of define_external) is deemed loadable, the operation is permitted.

• For Java external calls, if all classpath elements are deemed loadable, the operation is permitted.

• Code loaded through an external call runs with the full privileges of the user who started the engine, outside the read, write, and syscall checks described on this page. A location that is permitted by SECURE_EXTCALL_LIST should therefore not also be writable under the write settings; otherwise untrusted Maple code could first write a library there and then load it.


System Operations

• In general, any operation that interrogates the underlying system or relies on it to evaluate arbitrary commands is affected by the syscall setting. This includes (but is not restricted to):
  – the system and ssystem commands
  – fopen commands using pipes or processes

• For these operations, if syscalls are enabled, the operation is permitted. For the currentdir call, the operation is permitted only if access to the current working directory is permitted by the current security settings.
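The procedure below is an added example, not code from this help page or shipped with Maple. It exercises one operation from each of the four controlled categories described above (read, write, extcall, syscall), plus the currentdir call, and reports which ones the running engine permits under its current security settings. It assumes that an operation blocked by engine security raises a Maple error that try/catch can intercept; the file paths, the library path and the symbol name probe_symbol are placeholders to be replaced with paths on your own system.

```maple
# Added example (not part of the Maple help page). Probes each controlled
# category against the engine's active security settings.
# Assumption: a blocked operation raises a Maple error, caught with try/catch.
ProbeSecurity := proc(readPath::string, writePath::string, extLib::string)
    local attempt, results;

    # attempt(category, f) runs the zero-argument procedure f and records
    # "permitted" or "denied (<error message>)" for the given category.
    attempt := proc(category::string, f::procedure)
        local verdict;
        try
            f();
            verdict := "permitted";
        catch:
            verdict := sprintf("denied (%s)",
                StringTools:-FormatMessage(op(2..-1, [lastexception])));
        end try;
        printf("%-8s %s\n", category, verdict);
        return verdict;
    end proc;

    results := table();

    # Category 1 (read): open a file for reading, the same kind of access
    # that the read command and libname resolution perform.
    results["read"] := attempt("read",
        () -> fclose(fopen(readPath, READ, TEXT)));

    # Category 2 (write): open a file for writing.
    results["write"] := attempt("write",
        () -> fclose(fopen(writePath, WRITE, TEXT)));

    # Category 3 (extcall): load a shared library through define_external.
    # probe_symbol is a placeholder. A library that is permitted by policy
    # but missing, or that lacks the symbol, fails with a different message,
    # so the printed reason tells the two cases apart.
    results["extcall"] := attempt("extcall",
        () -> define_external('probe_symbol', 'LIB' = extLib));

    # Category 4 (syscall): hand a command to the operating system.
    results["syscall"] := attempt("syscall",
        () -> ssystem("echo probe"));

    # currentdir is listed under the system operations, but the page notes
    # it additionally requires that the settings permit access to the
    # current working directory, so it is probed on its own.
    results["currentdir"] := attempt("cwd", () -> currentdir());

    return eval(results);
end proc:

# Usage (illustrative paths; adjust for the policy under test):
ProbeSecurity("/tmp/probe-input.txt", "/tmp/probe-output.txt", "/tmp/libprobe.so");
```

Run it once with security disabled to confirm every probe reports "permitted", then again with the intended lists and syscall flag in effect; any category still reporting "permitted" that the policy was meant to block points at a file specification that matches more than intended.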