...
The open FileInputStream f[java:0] must not allow f[java:0] to escape out of changePassword() (see SEC00-J. Do not allow privileged blocks to leak sensitive information across a trust boundary).
Minimizing the amount of code that requires elevated privileges eases the necessary task of auditing privileged code.
...
Applicability
Failure to follow the principle of least privilege can lead to privilege escalation.
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
SEC51-JG | high | probable | high | P6 | L2 |
...
Automated checking is not possible in the general case. Escape analysis might be used to check that privileged data is not leaked provided that privileged data is indicated by the user.
Related Guidelines
"Privilege Sandbox Issues [java:XYO]" | |
CWE ID 272, "Least Privilege Violation" |
Bibliography
Class java.security. AccessController |
...