JChains minimal install distribution

NOTE: This archive includes code that serves as Proof-Of-Concept
for my upcoming thesis. The following vulnerabilities were refactored 
using this tool:


AUTHOR:  Marc Schoenefeld, marc.schoenefeld AT gmx DOT org

LICENSE: Free for use in free software, but credit the author
         Don't use in commercial software without prior admission
         from the author.

1. A sample configuration can be found in the sampleconf directory, 
   the script tomcat_jchains.sh shows an application startup script can be 
   customized to be used with jchains. This configuration should be 
   useable on Fedora 10, having the tomcat6 and java-1.6.0-openjdk packages

2. Run the command 

        java -Dorg.jchains.file=tomcat.csv -jar ../jchains.jar -file

   or simple use the startGUIForTomcat.sh script gives you the beanshell servlet:
   Try some stuff with Beanshell and see the results in the GUI
   1) java.io.FileInputStream f= new java.io.FileInputStream("/etc/passwd"); 
      byte[] b = new byte[f.available()];
      int r = f.read(b);
      System.out.println(new String(b));
      return r 
   You will find a suspicious FilePermission with /etc/passwd in the permission log