...
| Code Block | ||
|---|---|---|
| ||
public void changePassword(String currentPassword, String newPassword) {
final FileInputStream f[] = { null };
AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
try {
String passwordFile = System.getProperty("user.dir") + File.separator + "PasswordFileName";
f[0] = new FileInputStream(passwordFile);
// Check whether oldPassword matches the one in the file
// If not, throw an exception
System.loadLibrary("authentication");
} catch (FileNotFoundException cnf) {
// Forward to handler
}
return null;
}
}); // end of doPrivileged()
}
|
This example violates the principle of least privilege because an unprivileged caller will also cause the authentication library to be loaded. An unprivileged caller should not be allowed to invoke System.loadLibrary() method especially via the doPrivileged mechanism because System.loadLibrary uses only the immediate caller's class loader to find and load the library. Unprivileged code is seldom granted privileges to load libraries because doing so would expose native methods to the unprivileged code [SCG 2010] .
...
| Code Block | ||
|---|---|---|
| ||
public void changePassword(String currentPassword, String newPassword) {
final FileInputStream f[] = { null };
AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
try {
String passwordFile = System.getProperty("user.dir") + File.separator + "PasswordFileName";
f[0] = new FileInputStream(passwordFile);
// Check whether oldPassword matches the one in the file
// If not, throw an exception
} catch (FileNotFoundException cnf) {
// Forward to handler
}
return null;
}
}); // end of doPrivileged()
System.loadLibrary("authentication");
}
|
The loadLibrary() invocation could also occur before performing preliminary password-reset checks, however, it is deferred for performance reasons.
...