...

This noncompliant code example describes a security vulnerability in JDK 5.0 software. At the time, java.io.File was non-final, so an attacker could supply an untrusted value as a parameter by extending the legitimate java.io.File. The getPath() method could then be overridden so that the security check passes the first time it is called, while the value returned by the second call refers instead to a sensitive file such as /etc/passwd. This is a time-of-check, time-of-use (TOCTOU) vulnerability.

import java.io.*;
import java.security.*;

public RandomAccessFile openFile(final File f) {
  askUserPermission(f.getPath());   // time of check: first call to getPath()
  // ...
  // time of use: getPath() is called again inside the privileged block, so an
  // overriding subclass can return a different path from the one that was checked
  return AccessController.doPrivileged(new PrivilegedAction<RandomAccessFile>() {
    public RandomAccessFile run() {
      try {
        return new RandomAccessFile(f.getPath(), "r");  // mode "r" assumed; the original omitted it
      } catch (FileNotFoundException e) {
        throw new RuntimeException(e);
      }
    }
  });
}
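A hardened form of the method above, added here as an example and not taken from the original page: getPath() is read exactly once, and that single String is what both the permission check and the privileged open operate on, so a File subclass that answers differently on successive calls can no longer separate check from use. askUserPermission is the page's own check; the allow-list policy it applies here is a constructed stand-in, and the class name is hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

public class SnapshotPathOpen {
  private final String allowedDir;   // canonical directory, with trailing separator

  SnapshotPathOpen(File dir) throws IOException {
    allowedDir = dir.getCanonicalPath() + File.separator;
  }

  // Stand-in for the page's askUserPermission: a constructed policy that
  // approves only paths whose canonical form resolves under allowedDir.
  void askUserPermission(String path) throws IOException {
    if (!new File(path).getCanonicalPath().startsWith(allowedDir)) {
      throw new SecurityException("access denied: " + path);
    }
  }

  public RandomAccessFile openFile(final File f) throws IOException {
    // Snapshot: getPath() is called once. Only this String is used afterwards,
    // so a subclass returning a different value on a later call has no effect.
    final String path = f.getPath();
    askUserPermission(path);                      // time of check, on the snapshot
    try {
      return AccessController.doPrivileged(new PrivilegedExceptionAction<RandomAccessFile>() {
        public RandomAccessFile run() throws IOException {
          return new RandomAccessFile(path, "r");   // time of use, same snapshot
        }
      });
    } catch (PrivilegedActionException e) {
      throw (IOException) e.getException();       // run() declares only IOException
    }
  }

  public static void main(String[] args) throws Exception {
    File tmp = new File(System.getProperty("java.io.tmpdir"));
    SnapshotPathOpen opener = new SnapshotPathOpen(tmp);
    File ok = File.createTempFile("demo", ".txt", tmp);   // constructed input
    ok.deleteOnExit();
    try (RandomAccessFile raf = opener.openFile(ok)) {
      System.out.println("opened " + ok + " (" + raf.length() + " bytes)");
    }
    try {
      opener.openFile(new File("/etc/passwd"));   // outside the allowed directory
    } catch (SecurityException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```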

...