SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 61

changes.mady.by.user Shannon Haas

Saved on

compared with

New Version 62

changes.mady.by.user Shannon Haas

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Wiki Markup
Performing operations on device files intended only for ordinary character or binary files can result in crashes and denial-of-service (DoS) attacks. For example, when Windows attempts to interpret the device name as a file resource, it performs an invalid resource access that usually results in a crash \[[Howard 2002|AA. Bibliography#HowardReferences#Howard 02]\].

Wiki Markup
Device files in POSIX can be a security risk when an attacker can access them in an unauthorized way. For instance, if malicious programs can read or write to the {{/dev/kmem}} device, they may be able to alter their own priority, user ID, or other attributes of their process or they may simply crash the system. Similarly, access to disk devices, tape devices, network devices, and terminals being used by other processes can also lead to problems \[[Garfinkel 1996|AA. Bibliography#GarfinkelReferences#Garfinkel 96]\].

On Linux, it is possible to lock certain applications by attempting to read or write data on devices rather than files. Consider the following device path names:

...

Wiki Markup
On many systems, files can be simultaneously accessed by concurrent processes.  Exclusive access grants unrestricted file access to the locking process while denying access to all other processes, eliminating the potential for a race condition on the locked region. The {{java.nio.channels.FileLock}} class may be used for file locking. According to the Java API \[[API 2006|AA. Bibliography#APIReferences#API 06]\] documentation,

A file lock is either exclusive or shared. A shared lock prevents other concurrently running programs from acquiring an overlapping exclusive lock but does allow them to acquire overlapping shared locks. An exclusive lock prevents other programs from acquiring an overlapping lock of either type. Once it is released, a lock has no further effect on the locks that may be acquired by other programs.

...

Wiki Markup
The Java API \[[API 2006|AA. Bibliography#APIReferences#API 06]\] documentation states that "whether or not a lock actually prevents another program from accessing the content of the locked region is system-dependent and consequently unspecified."

...

Wiki Markup
The SE 7 Documentation \[[J2SE 2011|AA. Bibliography#J2SEReferences#J2SE 11]\] describes the {{fileKey}} attribute:

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d11ab68feed80746-2ce39c70-40a1461e-888e9c96-84ef5dc8c7d0bf5e8c191db8"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API References#API 06]]

Class File, methods createTempFile, delete, deleteOnExit

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="cf0b0dca66b4b694-9b8fdf07-40e647b5-a7d5bb77-4f645eaa331e6eefb7b2fe4c"><ac:plain-text-body><![CDATA[

[[CVE 2011

AA. Bibliography#CVE References#CVE 08]]

[CVE-2008-5354

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5354]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="c36c086ff591c73a-4e5349c3-4d32453e-b7b08d83-2ae968e60236e3f6f77c2035"><ac:plain-text-body><![CDATA[

[[Darwin 2004

AA. Bibliography#Darwin References#Darwin 04]]

11.5, Creating a Transient File

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a1e738f85ef807b7-ef8fedf6-48dd4bae-a221812e-96152dd816877e1cd1725fd1"><ac:plain-text-body><![CDATA[

[[Garfinkel 1996

AA. Bibliography#Garfinkel References#Garfinkel 96]]

Section 5.6, Device Files

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="bb97d43d53d6fd81-bf9eb561-492243f5-86f9b3c8-6595793d11415983d5c8c57b"><ac:plain-text-body><![CDATA[

[[Howard 2002

AA. Bibliography#Howard References#Howard 02]]

Chapter 11, Canonical Representation Issues

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="6c81a4af1a360cb6-e54f14ec-4d0049a0-82d5b156-e872096dccac32580381596e"><ac:plain-text-body><![CDATA[

[[J2SE 2011

AA. Bibliography#J2SE References#J2SE 11]]

The try-with-resources Statement

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="5591611b6dbd19df-c7397ee1-4b694de7-b293bcd1-a0f7d04791cdb8be5297214b"><ac:plain-text-body><![CDATA[

[[Open Group 2004

AA. Bibliography#Open References#Open Group 04]]

[open()

http://www.opengroup.org/onlinepubs/009695399/functions/open.html]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="9c208849bace782b-8bfde1f5-467f4ae6-9adcac40-21435ed9d0bd2235f687ef8e"><ac:plain-text-body><![CDATA[

[[SDN 2008

AA. Bibliography#SDN References#SDN 08]]

Bug IDs 4171239, 4405521, 4635827, 4631820

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="2f3a2f840b187c95-a3d8ec60-469a443e-aa65a201-21afac38150ed9b1027c0c40"><ac:plain-text-body><![CDATA[

[[Secunia 2008

AA. Bibliography#Secunia References#Secunia 08]]

[Secunia Advisory 20132

http://secunia.com/advisories/20132/]

]]></ac:plain-text-body></ac:structured-macro>

...