...
If we had user-provided tagging of sensitive information, we could do some kind of escape analysis on the doPrivileged() blocks and perhaps prove that nothing sensitive leaks out of them. We could even use something akin to thread coloring to identify the methods that either must (or must not) be called from doPrivileged() blocks.
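As an added illustration of the "nothing sensitive leaks out of the block" idea above (example code, not from the CERT page), here is a Java contrast between a doPrivileged() block whose sensitive result escapes to its caller and one that keeps the sensitive value inside the block and returns only a derived boolean; the class name, config file name and property key are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Properties;

// Constructed for illustration; the class, file name and property key are hypothetical.
// AccessController is deprecated for removal on recent JDKs but still compiles and runs.
public final class PrivilegedScopeExample {

    // Fixed, not caller-controlled, so no tainted path reaches the privileged block.
    private static final String CONFIG_NAME = ".example-app.properties"; // hypothetical file

    // Leaky: the privileged block's result (the user's home path, which an
    // unprivileged caller may lack permission to read) escapes to the caller.
    public static String leakyHomeDir() {
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            @Override
            public String run() {
                return System.getProperty("user.home");
            }
        });
    }

    // Contained: the sensitive path is read and used entirely inside the block;
    // only a derived, non-sensitive boolean crosses the privilege boundary.
    public static boolean isFeatureEnabled(final String featureKey) {
        return AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
            @Override
            public Boolean run() {
                Path config = Paths.get(System.getProperty("user.home"), CONFIG_NAME);
                Properties props = new Properties();
                try (InputStream in = Files.newInputStream(config)) {
                    props.load(in);
                } catch (IOException e) {
                    return Boolean.FALSE; // missing or unreadable config: feature off
                }
                // featureKey is only a lookup key in the Properties map, never a path.
                return Boolean.valueOf(props.getProperty(featureKey));
            }
        });
    }

    public static void main(String[] args) {
        System.out.println("feature.x enabled: " + isFeatureEnabled("feature.x"));
    }
}
```

An escape analysis of the kind the paragraph describes would flag leakyHomeDir(), whose return value is exactly the sensitive property, and accept isFeatureEnabled(), where the property value never leaves run().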
Related
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CWE ID 266, "Incorrect Privilege Assignment"
CWE ID 272, "Least Privilege Violation"
Guideline 6-2, Safely invoke java.security.AccessController.doPrivileged()
...
...