
The default SecurityManager checks whether the caller of a particular method has sufficient permissions to proceed with an action. An action is a level of access; for instance, the actions for java.io.FilePermission are read, write, execute, and delete [API 2011]. The "Permission Descriptions and Risks" guide [Oracle 2008] enumerates the default permissions and the risks associated with granting each of them to Java code.

...

This guideline addresses the problem of excess privileges. See SEC50-JG. Avoid granting excess privileges for another approach to solving this problem.

...

By default, permissions built on BasicPermission cannot be defined to support actions, but actions can be freely implemented in the subclass ExceptionReporterPermission if required. BasicPermission is abstract even though it contains no abstract methods; it implements every abstract method it inherits from the Permission class. The custom-defined subclass of BasicPermission has to define two constructors, each calling the matching (one- or two-argument) superclass constructor, because the superclass has no default constructor. The two-argument constructor accepts an actions string even though a basic permission does not use it; this constructor is required because the policy machinery constructs permission objects from policy-file entries using the (name, actions) form. Note that the custom-defined subclass of BasicPermission is declared final in accordance with guideline OBJ56-JG. Either design classes for inheritance or declare them as final.
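The following is an added example, not code from the guideline itself, that puts together the two points above: the SecurityManager permission check described in the opening paragraph, and a custom permission subclassed from BasicPermission with the two constructors the policy machinery expects. The permission name "exc.reporter", the ExceptionReporter class and the policy-file path are assumptions made for illustration only.

```java
import java.security.BasicPermission;
import java.security.Permission;

// Custom permission built on BasicPermission, as the guideline describes.
// Declared final so that no subclass can weaken its implies()/equals() logic.
public final class ExceptionReporterPermission extends BasicPermission {
    private static final long serialVersionUID = 1L;

    // One-argument form: a BasicPermission is identified by name only.
    // Hierarchical names with a trailing wildcard (e.g. "exc.*") are supported
    // by BasicPermission.implies().
    public ExceptionReporterPermission(String permName) {
        super(permName);
    }

    // Two-argument form: the policy implementation instantiates permissions
    // reflectively with (name, actions) when it reads a grant entry, so this
    // constructor must exist even though the actions string is ignored here.
    public ExceptionReporterPermission(String permName, String actions) {
        super(permName, actions);
    }
}

// Hypothetical privileged operation guarded by the custom permission.
final class ExceptionReporter {
    private static final Permission REPORT =
        new ExceptionReporterPermission("exc.reporter");

    static void report(Throwable t) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            // Throws java.security.AccessControlException (a SecurityException)
            // unless every protection domain on the call stack holds the permission.
            sm.checkPermission(REPORT);
        }
        System.err.println("Reported: " + t);
    }
}

// Corresponding grant entry in a policy file (assumed path), which is why the
// two-argument constructor above is mandatory:
//
//   grant codeBase "file:/path/to/trusted/reporter.jar" {
//       permission ExceptionReporterPermission "exc.reporter";
//   };
```

Run with `-Djava.security.manager -Djava.security.policy=<policy file>` for the check to take effect; without a SecurityManager installed, `System.getSecurityManager()` returns null and `report` runs unguarded. Note also that the SecurityManager and the associated permission-checking APIs are deprecated for removal as of Java 17 (JEP 411), so this mechanism should not be relied on as the sole boundary in new code targeting recent releases.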

Applicability

Running Java code without defining custom permissions where default permissions are inapplicable can leave an application open to privilege escalation vulnerabilities.

...

...