System and method for using sandboxes in a managed shell

US 20070226773A1
Filed: 03/21/2006
Published: 09/27/2007
Est. Priority Date: 03/21/2006
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for executing a shell script in a managed environment, comprising:

recognizing one or more shell tools of the shell script;

identifying whether one or more security policies related to the one or more recognized shell tools exists;

dynamically creating a sandbox for enforcing the identified security policies within the managed environment for the execution of the shell script.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention allows shell program to be managed with security policies and enforced using sandboxes enforced by the security manager of a managed environment. The additional security policies may come from shell tool specific security policies, application specific security policies, resource based security policies, shell based policies, owner based policies, user based policies and/or other types of policies. Security policies may be merged to provide a managed shell more permission granularity in addition to existing machine policies.

158 Citations

26 Claims

1. A computer implemented method for executing a shell script in a managed environment, comprising:
- recognizing one or more shell tools of the shell script;
  
  identifying whether one or more security policies related to the one or more recognized shell tools exists;
  
  dynamically creating a sandbox for enforcing the identified security policies within the managed environment for the execution of the shell script.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computer implemented method of claim 1, wherein the operation of recognizing one or more shell tools includes further determining if the shell tool is a managed tool or unmanaged tool.
  - 3. The computer implemented method of claim 2, wherein the managed tools include their own security policies in addition to the shell security policies.
  - 4. The computer implemented method of claim 2, wherein the unmanaged tools do not have their own security policies and are controlled by shell security policies during execution.
  - 5. The computer implemented method of claim 1, further including the operation for creating a sandbox inside another sandbox to further restrict permissions granted to a sub-script.
  - 6. The computer implemented method of claim 1, further comprising supplying the managed environment with security policy information before creating a sandbox.
  - 7. The computer implemented method of claim 1, wherein the one or more security policies is based on resources accessed by the shell script.
  - 8. The computer implemented method of claim 1, wherein the shell script originates from secure, un-secure, or semi-secure source.
  - 9. The computer implemented method of claim 8, wherein the one or more security policies is based on the origin of the shell script.
  - 10. The computer implemented method of claim 1, wherein each security policy includes one or more security permissions for restricting shell script actions during execution.
  - 11. The computer implemented method of claim 10, wherein the security permission is a custom permission.
  - 12. The computer implemented method of claim 10, further including merging one or more security permissions of the one or more security policies to be enforced during the shell script execution.
  - 13. The computer implemented method of claim 1, wherein the one or more security policies includes at least one permissions from a group of permissions including tool specific, application specific, resource based, shell based, owner based, and user based permissions.

14. A computer system for executing shell scripts in a managed environment including:
- the managed environment recognizing one or more shell tools of the shell script;
  
  a security manager identifying whether one or more security policies related to the one or more recognized shell tools exists;
  
  the managed environment dynamically creating a sandbox for enforcing the identified security policies within the managed environment for the execution of the shell script.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The computer system of claim 14, wherein the managed environment determines whether the shell tool is a managed tool or unmanaged tool.
  - 16. The computer system of claim 15, wherein the managed tools includes their own security policies in addition to the shell security policies.
  - 17. The computer system of claim 15, wherein the unmanaged tools do not have their own security policies and are controlled by shell security policies during execution.
  - 18. The computer system of claim 14, wherein the security manager creates a sandbox inside another sandbox to further restrict permissions granted to a sub-script.
  - 19. The computer system of claim 14, wherein the security manager supplies the managed environment with security policy information before creating a sandbox.
  - 20. The computer system of claim 14, wherein the one or more security policies is based on resources accessed by the shell script.
  - 21. The computer system of claim 14, wherein the shell script originates from secure, un-secure, or semi-secure source.
  - 22. The computer system of claim 21, wherein the one or more security policies is based on the origin of the shell script.
  - 23. The computer system of claim 14, wherein each security policy includes one or more security permissions for restricting shell script actions during execution.
  - 24. The computer system of claim 23, wherein the security permission is a custom permission.
  - 25. The computer system of claim 23, wherein the security manager merges one or more security permissions of the one or more security policies to be enforced during the shell script execution.
  - 26. The computer system of claim 14, wherein the one or more security policies includes at least one permissions from a group of permissions included tool specific, application specific, resource based, shell based, owner based, and user based permissions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Pouliot, Sebastien

Granted Patent

US 7,725,922 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/53 by executing in a restricte...

G06F 2221/2149 Restricted operating enviro...

System and method for using sandboxes in a managed shell

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

158 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for using sandboxes in a managed shell

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

158 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links