
This noncompliant example is culpable on at least one count. It contains a privileged block that is used to perform two sensitive operations: first, loading a library, and second, setting the default exception handler. Fortunately, when the default security manager is used, it does not permit loading the library unless the RuntimePermission "loadLibrary.awt" is granted in the policy file. Quite deplorably, the programmer does not guard a caller from performing the second sensitive operation, setting the default exception reporter. This security weakness can be exploited, for example, by setting the verbosity of the handler to high so that the privilege separation mechanism envisioned by the rightful observers of the log files or error messages is broken. This example also violates the advice of SEC36-J. Guard doPrivileged blocks against untrusted invocations, by using a single privileged block to carry out operations of differing natures.
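To make the two operations concrete, the following is an added illustration written for this page; it is not the rule's own noncompliant or compliant code. It shows a privileged block that loads the awt library and then installs a caller-supplied default uncaught exception handler, beside a form that confines the privileged block to the library load alone. The class names, the `handler` parameter, and the use of `Thread.setDefaultUncaughtExceptionHandler` to stand in for the "default exception reporter" are assumptions made here.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

// Noncompliant (illustrative, not the rule's own code): one privileged block
// performs two unrelated sensitive operations. The security manager's check
// for RuntimePermission "loadLibrary.awt" is made inside the privileged
// frame, as intended, but the handler installation also runs in that frame,
// so a caller that lacks any permission of its own can still install the
// handler it chooses (for example, one that reports far more detail than
// the operators of the log files expect).
final class NoncompliantLoader {
    static void loadAndConfigure(final Thread.UncaughtExceptionHandler handler) {
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            public Void run() {
                System.loadLibrary("awt");                          // needs loadLibrary.awt
                Thread.setDefaultUncaughtExceptionHandler(handler); // unguarded against the caller
                return null;
            }
        });
    }
}

// Compliant (illustrative): the privileged block is limited to the single
// operation that genuinely requires the library's own privileges. Installing
// the handler happens on the caller's stack, so the security manager evaluates
// RuntimePermission "setDefaultUncaughtExceptionHandler" against the caller's
// protection domain and throws SecurityException if it is not granted.
final class CompliantLoader {
    static void loadLibrary() {
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            public Void run() {
                System.loadLibrary("awt");
                return null;
            }
        });
    }

    static void installHandler(Thread.UncaughtExceptionHandler handler) {
        // Not privileged: an unprivileged caller cannot change the default
        // handler through this method.
        Thread.setDefaultUncaughtExceptionHandler(handler);
    }
}
```

The design point is that each `doPrivileged` block should wrap exactly one operation whose privilege requirement has been deliberately accepted; anything else placed inside it silently inherits that privilege on behalf of every caller.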
