...
A weakness in a privileged program caused by relying on untrusted sources such as the environment (see guideline ENV06-J. Provide a trusted environment and sanitize all inputs) can result in the execution of a command or a program that has more privileges than those possessed by a typical user. This noncompliant code example shows such a variant of the OS command injection vulnerability.
...
An alternative is to read the file names from a source located in a secure directory that is inaccessible to an attacker. The security policy file may grant the application permission to execute files from a specific directory. The security manager must be used when running the application (see guideline ENV02-J. Create a secure sandbox using a Security Manager). The security manager's checkExec(String cmd) method checks whether the program has permission to create the subprocess and execute the external program.
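The approach described above, sketched as an added example that is not part of the original guideline: the program is resolved only inside a trusted directory, checkExec is consulted, and the child inherits no environment. The class name `TrustedExec`, the directory `/opt/app/bin`, the program name `report` and the policy grant in the comment are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;

// Assumed policy file entry that permits execution from the trusted directory only:
//   grant { permission java.io.FilePermission "/opt/app/bin/*", "execute"; };
public class TrustedExec {
    // Assumption: writable only by administrators, never by the invoking user.
    private static final Path TRUSTED_DIR = Paths.get("/opt/app/bin");

    // Resolve a program name to a real file inside TRUSTED_DIR, or throw.
    static Path resolveTrusted(String name) throws IOException {
        Path real = TRUSTED_DIR.resolve(name).toRealPath(); // follows symlinks and ".."
        if (!real.startsWith(TRUSTED_DIR.toRealPath()) || !Files.isRegularFile(real)) {
            throw new SecurityException("Not a trusted program: " + name);
        }
        return real;
    }

    @SuppressWarnings("removal") // SecurityManager is deprecated in current JDKs
    static Process run(String name, List<String> args) throws IOException {
        String program = resolveTrusted(name).toString();
        // ProcessBuilder.start() makes the same check; calling it first
        // rejects the request before any command line is assembled.
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkExec(program); // throws SecurityException if the policy denies it
        }
        List<String> cmd = new ArrayList<>();
        cmd.add(program);          // absolute path: no PATH lookup, no shell
        cmd.addAll(args);
        ProcessBuilder pb = new ProcessBuilder(cmd);
        pb.environment().clear();  // child does not inherit PATH or other variables
        return pb.inheritIO().start();
    }

    public static void main(String[] argv) throws Exception {
        Process p = run("report", List.of("--summary"));
        System.exit(p.waitFor());
    }
}
```

The SecurityManager API has been deprecated for removal since Java 17; when no security manager is installed, `System.getSecurityManager()` returns null and only the directory check and the cleared environment apply.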
...
OS command injection can cause arbitrary programs to be executed.
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
IDS06-J | high | probable | medium | P12 | L1 |
...