Comment: Changed to Applicability and updated the references to Java 7

According to the Java API [API 2011] Class SecurityManager documentation,

The security manager is a class that allows applications to implement a security policy. It allows an application to determine, before performing a possibly unsafe or sensitive operation, what the operation is and whether it is being attempted in a security context that allows the operation to be performed. The application can allow or disallow the operation.

...

The default security policy file java.policy—found in the /path/to/java.home/lib/security directory on UNIX-like systems and its equivalent on Microsoft Windows systems—grants a few permissions (reading system properties, binding to unprivileged ports, and so forth). Also, a user-specific policy file may be located in the user's home directory. The union of these policy files specifies the permissions granted to a program. The java.security file can specify which policy files are used. If either of the systemwide java.policy or java.security files is deleted, no permissions are granted to the executing Java program.

...

After this code executes, APIs that perform security checks use the custom security manager. As noted earlier, custom security managers should be installed only when the default security manager lacks the required functionality.

...

Applicability

All Java security depends on the existence of a SecurityManager. In the absence of a SecurityManager, arbitrary code can execute, which can include code provided by an attacker.

...

Guideline | Severity | ... | Remediation Cost | Priority | Level
SEC60-JG | high | probable | low | P18 | L1

Automated Detection

Programmatic detection of the presence or absence of a SecurityManager at runtime is straightforward. Static analysis can address the presence or absence of code that would attempt to install a SecurityManager if the code were executed. Checking whether the SecurityManager is installed early enough, specifies the desired properties, or is guaranteed to be installed may be possible in some special cases but is not feasible in full generality.
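A runtime check of the kind described above, as an added example that is not part of the original guideline: it refuses to start when no SecurityManager is installed, then probes which permissions the effective policy grants. The class name, the probe list and the sample path are assumptions, and it assumes a Java 7-era runtime in which SecurityManager is supported.

```java
import java.io.FilePermission;
import java.security.Permission;
import java.util.PropertyPermission;

/** Added example: startup audit of the SecurityManager state (hypothetical class name). */
public final class SecurityManagerAudit {

    /** True only if a SecurityManager is installed in this JVM. */
    static boolean isInstalled() {
        return System.getSecurityManager() != null;
    }

    /** True if the installed manager lets the calling context use perm. */
    static boolean isGranted(Permission perm) {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            return true; // no manager: no check is performed, so nothing is denied
        }
        try {
            sm.checkPermission(perm); // throws SecurityException when denied
            return true;
        } catch (SecurityException denied) {
            return false;
        }
    }

    public static void main(String[] args) {
        if (!isInstalled()) {
            System.err.println("FAIL: no SecurityManager installed; refusing to start");
            System.exit(1);
        }
        Permission[] probes = {
            new PropertyPermission("java.version", "read"), // readable under the default java.policy
            new PropertyPermission("user.home", "read"),
            new FilePermission("/constructed/sample/path", "write"), // constructed sample path
            new RuntimePermission("setSecurityManager"),
        };
        boolean ok = true;
        for (Permission p : probes) {
            boolean granted = isGranted(p);
            System.out.println((granted ? "GRANTED " : "DENIED  ") + p);
            // Code that may replace the manager can switch the policy off at runtime.
            if (granted && p instanceof RuntimePermission) {
                ok = false;
            }
        }
        System.exit(ok ? 0 : 2);
    }
}
```

Running it with `java -Djava.security.manager SecurityManagerAudit` installs the default manager before `main` starts; without that option the check exits with status 1.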

Related

...

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Related Guidelines

MITRE CWE: CWE-358 "Improperly Implemented Security Check for Standard"

Bibliography

[API 2011] Class SecurityManager, Class AccessControlContext, Class AccessController
[Gong 2003] Section 6.1, Security Manager
[Pistoia 2004] Section 7.4, The Security Manager
[Policy 2002]
[SecuritySpec 2008] 6.2 SecurityManager versus AccessController

...