...
This example violates the principle of least privilege because an unprivileged caller will also cause the authentication library to be loaded. An unprivileged caller should not be allowed to invoke System.loadLibrary() method especially via the doPrivileged mechanism because System.loadLibrary uses only the immediate caller's class loader to find and load the library. Unprivileged code is seldom granted privileges to load libraries because doing so would expose native methods to the unprivileged code [SCG 2010] .
Compliant Solution
This compliant solution moves the call to System.loadLibrary() outside the doPrivileged() block. That allows unprivileged code to perform preliminary password-reset checks using the file but forbids it from loading the authentication library.
...
"Privilege Sandbox Issues [XYO]" | |
CWE ID 272, "Least Privilege Violation" | |
| [SCG 2010] | Guideline 9-9: Safely invoke standard APIs that perform tasks using the immediate caller's class loader instance |
Bibliography
...