Comment: Edited by sciSpider Java v3.0 (sch jp)

The static method doPrivileged is used to affirm that the invoking method is taking responsibility for exercising its own permissions and that the access permissions of its callers should be ignored. For example, an application may have permission to operate on a sensitive file, whereas a caller of this application may be allowed to operate with only basic user permissions. Invoking doPrivileged() in the context of this method allows it to exercise its own (possibly elevated) permissions under such circumstances.

...

Noncompliant Code Example

There are two fallacies in this noncompliant code example. First, the doPrivileged method is being called from inside the openPasswordFile method. The openPasswordFile method is privileged and returns a FileInputStream reference to its caller, so any caller can invoke openPasswordFile() directly and obtain a reference to the sensitive file because of the inherent privileges present in that code. Second, the name of the sensitive password file is user-controllable, which introduces further risks such as unaccounted-for misuse of other sensitive files.

...

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.security.AccessController;
import java.security.PrivilegedAction;

class password {

 public static void changePassword() {
  // Use own privilege to open the sensitive password file
  final String password_file = "password";
  final FileInputStream f[] = {null};
  AccessController.doPrivileged(new PrivilegedAction() {
   public Object run() {
    try {
     f[0] = openPasswordFile(password_file);  // call the privileged method here
    } catch (FileNotFoundException cnf) {
     System.err.println(cnf.getMessage());
    }
    return null;
   }
  });
  // Perform other operations such as password verification
 }

 // Public and parameterized: any caller can open a file of its choosing under c:\
 // with this code's privileges and keep the returned stream
 public static FileInputStream openPasswordFile(String password_file) throws FileNotFoundException {
  FileInputStream f = new FileInputStream("c:\\" + password_file);
  // Perform read/write operations on password file
  return f;
 }
}
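The following is an added example, not code from the original page, showing the same scenario with both fallacies removed: the privileged file access is a private method that takes no caller-supplied arguments, the file name is a fixed constant (the path "c:\\password" is assumed, chosen to match the noncompliant example), and the stream opened inside the privileged block is consumed and closed before the public method returns, so no reference to the sensitive file ever reaches a caller. The class and method names (PasswordStore, verifyPassword, readPasswordFile) are illustrative, and the password file is assumed to hold the raw password bytes.

```java
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;

// Added example (not from the original page): privileged access confined to this class.
final class PasswordStore {

  // Fix 2: the sensitive file name is a private constant; callers cannot choose it.
  // The path is an assumption, matching the noncompliant example.
  private static final String PASSWORD_FILE = "c:\\password";

  private PasswordStore() {}

  // Public entry point. The privileged block lives here, and the data it reads
  // is compared and wiped before returning; no stream or buffer escapes.
  public static boolean verifyPassword(char[] candidate) throws IOException {
    byte[] stored;
    try {
      stored = AccessController.doPrivileged(
          (PrivilegedExceptionAction<byte[]>) PasswordStore::readPasswordFile);
    } catch (PrivilegedActionException e) {
      // Unwrap the checked exception thrown inside the privileged action.
      Exception cause = e.getException();
      if (cause instanceof IOException) {
        throw (IOException) cause;
      }
      throw new IllegalStateException(cause);
    }
    byte[] supplied = new String(candidate).getBytes(StandardCharsets.UTF_8);
    try {
      // Constant-time comparison so timing does not leak the stored value.
      return MessageDigest.isEqual(stored, supplied);
    } finally {
      Arrays.fill(stored, (byte) 0);
      Arrays.fill(supplied, (byte) 0);
    }
  }

  // Fix 1: private, so code outside this class cannot reach the privileged file
  // access, and parameterless, so no tainted value flows into the privileged block.
  private static byte[] readPasswordFile() throws IOException {
    try (InputStream in = new FileInputStream(PASSWORD_FILE);
         ByteArrayOutputStream buf = new ByteArrayOutputStream()) {
      byte[] chunk = new byte[256];
      int n;
      while ((n = in.read(chunk)) != -1) {
        buf.write(chunk, 0, n);
      }
      return buf.toByteArray();
    }
  }
}
```

Two design choices are worth noting. Using PrivilegedExceptionAction rather than PrivilegedAction lets the checked FileNotFoundException propagate out of the privileged block instead of being swallowed by a println, as in the noncompliant example. And keeping the privileged method private and argument-free is what actually closes the hole: a public privileged method, or one that accepts a file name, is reachable by callers that never had the file permission themselves. Note also that AccessController and the SecurityManager it depends on are deprecated for removal since Java 17, so this pattern applies to code bases still running under a security manager.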

...

Risk Assessment

TODO

Rule      Severity  Likelihood  Remediation Cost  Priority  Level
SEC01-J   ??        ??          ??                P??       L??

Automated Detection

TODO

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Inside Java 2 Platform Security, 6.4 AccessController
Sun Secure Coding Guidelines http://java.sun.com/security/seccodeguide.html
Documentation http://java.sun.com/j2se/1.4.2/docs/api/java/security/AccessController.html#doPrivileged(java.security.PrivilegedAction)