
The default SecurityManager checks whether the caller of a particular method has sufficient permissions to proceed with an action. An action is a level of access; for instance, the actions for java.io.FilePermission are "read", "write", "execute", and "delete" [Sun 06]. The Permission Descriptions and Risks guide [Permissions 08] enumerates the default permissions and the risks associated with granting each of them to Java code.

...

import java.security.AccessController;
import java.security.PrivilegedAction;

class LoadLibrary {
  private void loadLibrary() {
    AccessController.doPrivileged(new PrivilegedAction<Void>() {
      public Void run() {
        // privileged code: load the native library
        System.loadLibrary("awt");
        // perform some sensitive operation, like setting the default exception handler,
        // without checking whether the caller holds any permission to do so
        MyExceptionReporter.setExceptionReporter(reporter);
        return null;
      }
    });
  }
}

...

import java.security.AccessController;
import java.security.BasicPermission;
import java.security.PrivilegedAction;

class LoadLibrary {
  private void loadLibrary() {
    AccessController.doPrivileged(new PrivilegedAction<Void>() {
      public Void run() {
        // privileged code: load the native library
        System.loadLibrary("awt");

        // before the sensitive operation, require the custom permission
        // (the check is a no-op only when no SecurityManager is installed)
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
          sm.checkPermission(new ExceptionReporterPermission("exc.reporter"));
        }

        // perform some sensitive operation like setting the default exception handler
        MyExceptionReporter.setExceptionReporter(reporter);
        return null;
      }
    });
  }
}

// Custom permission: BasicPermission gives name-based matching with a trailing "*" wildcard
class ExceptionReporterPermission extends BasicPermission {
  public ExceptionReporterPermission(String permName) {
    super(permName);
  }

  // Even though the actions parameter is ignored, this constructor has to be defined
  // (the policy implementation instantiates permissions via the (String, String) constructor)
  public ExceptionReporterPermission(String permName, String actions) {
    super(permName, actions);
  }
}

Assuming, for example, that the above sources reside in the c:\package directory on a Windows-based system, the policy file needs to grant two permissions: ExceptionReporterPermission exc.reporter and RuntimePermission loadLibrary.awt.

grant codeBase "file:c:\\package" {  // For *nix, file:${user.home}/package/
  permission ExceptionReporterPermission "exc.reporter";
  permission java.lang.RuntimePermission "loadLibrary.awt";
};
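As an added illustration (not code from the CERT page), the following stand-alone Java program builds an AccessControlContext from a ProtectionDomain holding a chosen set of grants and checks the custom ExceptionReporterPermission against it: the check fails when only RuntimePermission "loadLibrary.awt" is granted, and passes with the two grants from the policy file above or with the BasicPermission wildcard "exc.*". The class names PermissionCheckDemo, contextGranting and allows are assumptions, and the program assumes a JDK on which the SecurityManager architecture still functions (before JDK 24).

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.BasicPermission;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;

public class PermissionCheckDemo {
  // Same shape as the page's ExceptionReporterPermission (redefined here to be self-contained).
  static final class ExceptionReporterPermission extends BasicPermission {
    ExceptionReporterPermission(String permName) { super(permName); }
    ExceptionReporterPermission(String permName, String actions) { super(permName, actions); }
  }

  // Builds a context whose single protection domain holds exactly the given grants,
  // standing in for what a policy file would assign to a codeBase (assumed helper).
  static AccessControlContext contextGranting(Permission... grants) {
    Permissions perms = new Permissions();
    for (Permission p : grants) {
      perms.add(p);
    }
    ProtectionDomain domain = new ProtectionDomain(null, perms);  // null CodeSource: permissions only
    return new AccessControlContext(new ProtectionDomain[] { domain });
  }

  // Mirrors the check in the compliant solution, but against an explicit context (assumed helper).
  static boolean allows(AccessControlContext ctx, Permission needed) {
    try {
      ctx.checkPermission(needed);
      return true;
    } catch (AccessControlException e) {
      return false;
    }
  }

  public static void main(String[] args) {
    Permission needed = new ExceptionReporterPermission("exc.reporter");
    // Only the library grant: the custom permission is missing, so the sensitive operation is refused.
    AccessControlContext libraryOnly = contextGranting(new RuntimePermission("loadLibrary.awt"));
    // Both grants, as in the policy file above.
    AccessControlContext policy = contextGranting(
        new RuntimePermission("loadLibrary.awt"), new ExceptionReporterPermission("exc.reporter"));
    // BasicPermission wildcard: a grant of "exc.*" implies "exc.reporter".
    AccessControlContext wildcard = contextGranting(new ExceptionReporterPermission("exc.*"));
    System.out.println("loadLibrary.awt only -> " + allows(libraryOnly, needed));
    System.out.println("policy file grants   -> " + allows(policy, needed));
    System.out.println("exc.* wildcard       -> " + allows(wildcard, needed));
  }
}
```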

Risk Assessment

Running Java code without defining custom permissions where default ones are inapplicable can leave an application open to privilege escalation vulnerabilities.

...

[API 06] Class SecurityManager, http://java.sun.com/javase/6/docs/api/java/lang/SecurityManager.html
[Oaks 01] Chapter 5: The Access Controller, "Permissions"
[Policy 02]
[Sun 06] Permission Descriptions and Risks, http://java.sun.com/javase/6/docs/technotes/guides/security/permissions.html

...
