Page History

The security policy file must grant the {{java.io.FilePermission}} as follows: if {{cmd}} is an absolute path, {{java.io.FilePermission "\{cmd\}", "execute"}} ; else {{java.io.FilePermission "-", "execute";}} \[[Permissions 082008|AA. Java References#Permissions 08]\]. However, in the latter case, all programs can be freely executed if the permission is granted. Consequently, permissions should be restricted per file only, by giving absolute paths. 

\[[OWASP 052005|AA. Java References#OWASP 05]\] [Reviewing Code for OS Injection|http://www.owasp.org/index.php/Reviewing_Code_for_OS_Injection]
\[[Chess 072007|AA. Java References#Chess 07]\] Chapter 5: Handling Input, "Command Injection"
\[[MITRE 092009|AA. Java References#MITRE 09]\] [CWE ID 78|http://cwe.mitre.org/data/definitions/78.html] "Failure to Preserve OS Command Structure (aka 'OS Command Injection')"