...
```java
class NativeCode {
  public native void loadLib();

  static {
    try {
      // Resolved with the immediate caller's class loader and privileges
      System.loadLibrary("/com/foo/MyLib.so");
    } catch (UnsatisfiedLinkError e) {
      e.getMessage(); // error message is retrieved but never acted upon
    }
  }
}

class Untrusted {
  public static void untrustedCode() {
    new NativeCode().loadLib();
  }
}
```
...
```java
import java.security.AccessController;
import java.security.PrivilegedAction;

AccessController.doPrivileged(new PrivilegedAction<Object>() {
  public Object run() {
    System.loadLibrary("awt");
    return null;
  }
});
```
Non-native library code can also be susceptible to related security flaws. Loading a safe non-native library by itself may not expose a vulnerability, but once an unsafe library has been loaded, an attacker can exploit any other vulnerabilities it contains. Moreover, non-native libraries often make use of doPrivileged blocks, making them a lucrative target.
...
```java
Class<?> c = Class.forName("Foo"); // explicitly hardcode the class name
```
...
```java
private Class<?> doLogic() throws ClassNotFoundException {
  ClassLoader myLoader = new myClassLoader(); // custom class loader defined elsewhere
  Class<?> myClass = myLoader.loadClass("MyClass");
  return myClass; // returns Class instance to untrusted code
}
```
...
```java
private void doLogic() throws ClassNotFoundException {
  ClassLoader myLoader = new myClassLoader(); // custom class loader defined elsewhere
  Class<?> myClass = myLoader.loadClass("MyClass");
  // do whatever is required here itself; do not return myClass
}
```
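As an added example (not code from the original page), the following contrasts a privileged loader that resolves a caller-chosen class name and hands the Class object back with one that validates the name against a fixed allowlist, uses the class entirely inside trusted code, and returns only a plain result. ReportLoader, Report and the com.example.reports class names are hypothetical.

```java
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Set;

// Hypothetical plugin interface implemented by the allowlisted report classes.
interface Report {
    String render();
}

public final class ReportLoader {
    // Fixed allowlist of the only class names this trusted component may load.
    private static final Set<String> ALLOWED = Set.of(
        "com.example.reports.PdfReport", "com.example.reports.CsvReport");

    // Noncompliant: the caller supplies the class name, Class.forName resolves it
    // with this trusted class's loader inside a privileged block, and the
    // resulting Class object is handed straight back to untrusted code.
    public static Class<?> loadUnsafe(String name) throws ClassNotFoundException {
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<Class<?>>) () -> Class.forName(name));
        } catch (PrivilegedActionException e) {
            throw new ClassNotFoundException(name, e.getException());
        }
    }

    // Compliant: the name is checked against the allowlist before any privileged
    // work, the class is instantiated and used entirely inside trusted code, and
    // only a plain result value (not the Class instance) is returned.
    public static String renderSafe(String name) throws ClassNotFoundException {
        if (!ALLOWED.contains(name)) {
            throw new IllegalArgumentException("report type not permitted: " + name);
        }
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<String>) () -> {
                    Class<?> c = Class.forName(name);
                    Report r = (Report) c.getDeclaredConstructor().newInstance();
                    return r.render();
                });
        } catch (PrivilegedActionException e) {
            throw new ClassNotFoundException("could not load " + name, e.getException());
        }
    }
}
```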
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References

[SCG 07] Guideline 6-3, "Safely invoke standard APIs that perform tasks using the immediate caller's class loader instance"
...