...
```
// grant the klib library AllPermission
grant codebase "file:${klib.home}/j2se/home/klib.jar" {
  permission java.security.AllPermission;
};
```
...
```
grant codeBase "file:${klib.home}/j2se/home/klib.jar", signedBy "Admin" {
  permission java.io.FilePermission "/tmp/*", "read";
  permission java.net.SocketPermission "*", "connect";
};
```
To check whether the caller has the requisite permissions, standard Java APIs use code such as:
```
// security manager code
java.io.FilePermission perm = new java.io.FilePermission("/tmp/JavaFile", "read");
AccessController.checkPermission(perm);
// other code
```
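The following is an added example, not code from the original page: it models the two grants above as `Permissions` collections and asks each one whether it implies a set of requested permissions, which is the question a permission check such as the one above ultimately poses. The class name `GrantComparison` and the sample requests are constructed for illustration.

```java
import java.io.FilePermission;
import java.lang.reflect.ReflectPermission;
import java.net.SocketPermission;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;

// Hypothetical demo class; not part of the original page.
public class GrantComparison {

    // Mirrors the grant that gives klib.jar AllPermission.
    static Permissions allPermissionGrant() {
        Permissions p = new Permissions();
        p.add(new AllPermission());
        return p;
    }

    // Mirrors the grant limited to reading /tmp/* and connecting sockets.
    static Permissions restrictedGrant() {
        Permissions p = new Permissions();
        p.add(new FilePermission("/tmp/*", "read"));
        p.add(new SocketPermission("*", "connect"));
        return p;
    }

    public static void main(String[] args) {
        // Constructed sample requests, as a permission check would see them.
        Permission[] requests = {
            new FilePermission("/tmp/JavaFile", "read"),
            new FilePermission("/tmp/JavaFile", "write"),
            new FilePermission("/etc/passwd", "read"),
            new SocketPermission("example.com:443", "connect"),
            new RuntimePermission("setSecurityManager"),
            new ReflectPermission("suppressAccessChecks"),
        };
        Permissions all = allPermissionGrant();
        Permissions restricted = restrictedGrant();
        System.out.printf("%-14s %-11s %s%n", "AllPermission", "restricted", "requested");
        for (Permission req : requests) {
            // implies() is the decision each grant contributes to a permission check.
            System.out.printf("%-14s %-11s %s%n",
                    all.implies(req), restricted.implies(req), req);
        }
    }
}
```

The `AllPermission` column is true for every request, including replacing the security manager, while the restricted grant implies only the `/tmp` read and the socket connect.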
...
```
// Standard extensions extend the core platform and get all permissions by default
grant codeBase "file:${{java.ext.dirs}}/*" {
  permission java.security.AllPermission;
};
```
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[API 06] [Class AllPermission](http://java.sun.com/javase/6/docs/api/java/security/AllPermission.html)

[Gong 03]

[Security 06] [Security Architecture](http://java.sun.com/javase/6/docs/technotes/guides/security/spec/security-spec.doc.html)
...