When writing a custom class loader, it is sometimes desirable to override the getPermissions() method. In most cases, the implementation should consult the default system policy before assigning arbitrary permissions to the code source. This is handled by explicitly invoking the superclass's getPermissions() method.

Noncompliant Code Example

This noncompliant code example shows a snippet of a custom class loader that extends the class URLClassLoader. It overrides the getPermissions() method but does not call the superclass's more restrictive getPermissions() method. Note that URLClassLoader's getPermissions() method calls the Policy class's getPermissions() method, which by default uses the global system-wide policy file to enforce access control. Consequently, a class defined by this custom class loader has permissions that are completely independent of those specified in the system-wide policy file; in effect, the class's permissions override them.

protected PermissionCollection getPermissions(CodeSource cs) {
  // A fresh, empty collection: the superclass (and thus the system policy) is never consulted
  PermissionCollection pc = new Permissions();
  pc.add(new RuntimePermission("exitVM"));   // allow exit from the VM at any time
  return pc;
}

Compliant Solution

In this compliant solution, the overridden getPermissions() method calls super.getPermissions(), so the default system-wide security policy is consulted in addition to the custom policy.

protected PermissionCollection getPermissions(CodeSource cs) {
  // Start from the superclass's grants, then add the custom permission on top of them
  PermissionCollection pc = super.getPermissions(cs);
  pc.add(new RuntimePermission("exitVM"));
  return pc;
}
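The following is an added, complete class illustrating the compliant pattern; it is not code from the original rule page. The class name PolicyAwareClassLoader, the helper methods defaultPermissions() and retainsDefaultPermissions(), and the file: URL used for the code source are all hypothetical. The check verifies what the rule requires: every permission the superclass grants to the code source is still implied by the collection returned from the override, and the custom grant has been added on top of it rather than replacing it.

```java
import java.net.URL;
import java.net.URLClassLoader;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.Enumeration;

/**
 * Hypothetical custom class loader (added example, not from the rule page).
 * It adds a single permission on top of whatever the superclass already
 * grants to the code source, instead of building a new collection from scratch.
 */
public class PolicyAwareClassLoader extends URLClassLoader {

    public PolicyAwareClassLoader(URL[] urls, ClassLoader parent) {
        super(urls, parent);
    }

    @Override
    protected PermissionCollection getPermissions(CodeSource cs) {
        // Consult the superclass first, then add the custom grant to that collection.
        PermissionCollection pc = super.getPermissions(cs);
        pc.add(new RuntimePermission("exitVM"));
        return pc;
    }

    /** Exposes the superclass's grants so a caller can compare against them. */
    PermissionCollection defaultPermissions(CodeSource cs) {
        return super.getPermissions(cs);
    }

    /**
     * Check: every permission the superclass grants to cs must still be implied
     * by the collection the override returns. A loader that replaces the
     * collection (as in the noncompliant example) fails this check as soon as
     * the superclass grants anything, e.g. a FilePermission for the jar location.
     */
    boolean retainsDefaultPermissions(CodeSource cs) {
        PermissionCollection custom = getPermissions(cs);
        PermissionCollection defaults = defaultPermissions(cs);
        for (Permission p : Collections.list(defaults.elements())) {
            if (!custom.implies(p)) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Constructed code source: a hypothetical local jar path with no signers.
        // The file does not need to exist for the permission computation.
        URL jar = new URL("file:/tmp/untrusted/app.jar");
        CodeSource cs = new CodeSource(jar, (Certificate[]) null);

        try (PolicyAwareClassLoader loader =
                 new PolicyAwareClassLoader(new URL[] { jar },
                                            PolicyAwareClassLoader.class.getClassLoader())) {
            PermissionCollection pc = loader.getPermissions(cs);

            System.out.println("Superclass grants retained: " + loader.retainsDefaultPermissions(cs));
            System.out.println("Custom grant present: " + pc.implies(new RuntimePermission("exitVM")));
            System.out.println("Resulting permissions for " + jar + ":");
            Enumeration<Permission> e = pc.elements();
            while (e.hasMoreElements()) {
                System.out.println("  " + e.nextElement());
            }
        }
    }
}
```

Note that java.security.Policy and the rest of the Security Manager API are deprecated for removal as of Java 17, so this pattern matters for code bases that still run with a security manager; on a current JDK the example compiles with deprecation warnings.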

Risk Assessment

Failure to consult the default system policy when defining a custom class loader violates the tenets of defensive programming and may result in classes being defined with unintended permissions.

Guideline   Severity   Likelihood   Remediation Cost   Priority   Level
SEC11-J     high       probable     low                P18        L1

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.
