...
| Code Block | ||
|---|---|---|
| ||
public void changePassword() {
final FileInputStream f[] = { null };
AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
try {
String passwordFile = System.getProperty("user.dir") + File.separator
+ "PasswordFileName";
f[0] = new FileInputStream(passwordFile);
} catch (FileNotFoundException cnf) {
// Forward to handler
}
return null;
}
}); // end of doPrivileged()
// Operations on the file using handle f[0]
// while ensuring that the f[0] reference
// remains contained within changePassword()
System.loadLibrary("LibName");
}
|
Wiki Markup FileInputStream f\[java:0\]}} must not allow {{f\[java:0\]}} to escape out of {{changePassword()}} (see [java:SEC00-J. Do not allow privileged blocks to leak sensitive information across a trust boundary]).
Minimizing the amount of code that requires elevated privileges eases the necessary task of auditing privileged code.
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
SEC02-J | high | probable | high | P6 | L2 |
Automated Detection
Automated checking is not possible in the general case. Escape analysis might be used to check that privileged data is not leaked provided that privileged data is indicated by the user.
Related Guidelines
...
[ISO/IEC TR 24772:2010http://www.aitcnet.org/isai/] | "Privilege Sandbox Issues [java:XYO]" | ]]></ac:plain-text-body></ac:structured-macro> |
CWE ID 272, "Least Privilege Violation" |
Bibliography
...
[java:[API 2006AA. References#API 06]] | Class |
...