<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>ENV31-J. Never grant AllPermission to untrusted code - CERT Secure Coding Standards</title>
</head>
<body onload="placeFocus()" id="com-atlassian-confluence">
<div id="PageContent">
<table cellspacing="0" cellpadding="0" width="100%">
<tr>
<td valign="top" width="100%">
<!-- Inner content table -->
<table width="100%" cellpadding="2" cellspacing="0">
<tr>
<td id="mainViewPane">
<div>
<h1>
<a href="/confluence/display/java/ENV31-J.+Never+grant+AllPermission+to+untrusted+code">ENV31-J. Never grant AllPermission to untrusted code</a>
</h1>
</div>
<div id="content">
<div id="editpage">
<form id="editpageform" name="editpageform" method="post" action="doeditpage.action?pageId=18186739" class="editor">
<input
type="hidden"
name="originalVersion" value="35" id="originalVersion" /> <input
type="hidden"
name="originalContent" value="The {{java.security.AllPermission}} class grants all possible permissions to the caller. This facility was included for routine testing purposes to make it less cumbersome to deal with a multitude of permissions or for use when the code is completely trusted. It should never be granted to untrusted code.
h2. Noncompliant Code Example
This noncompliant example grants {{AllPermission}} to the {{klib}} library. The permission itself is specified in the security policy file used by the security manager. Alternatively, a permission object can be obtained in the code by subclassing the {{Permission}} class (or any subclass such as {{BasicPermission}}) in the {{java.security}} package. {{AllPermission}} can be granted to a {{ProtectionDomain}} using such an object. This is also a bad practice.
{code:bgColor=#FFcccc}
/* grant the klib library AllPermission */
grant codebase "file:${klib.home}/j2se/home/klib.jar" {
  permission java.security.AllPermission;
};
{code}
h2. Compliant Solution
This compliant solution shows a policy file that can be used to enforce fine-grained permissions.
{code:bgColor=#ccccff}
grant codeBase "file:${klib.home}/j2se/home/klib.jar", signedBy "Admin" {
  permission java.io.FilePermission "/tmp/*", "read";
  permission java.net.SocketPermission "*", "connect";
};
{code}
To check whether the caller has the requisite permissions, use the following check within the code:
{code}
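// security manager code
java.security.Permission perm = new java.io.FilePermission("/tmp/JavaFile", "read");
// Throws AccessControlException if the calling context lacks the permission
java.security.AccessController.checkPermission(perm);
// other code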
{code}
Always assign appropriate permissions to code. When more control is required over the granularity of permissions, define custom permissions. ([SEC08-J. Define custom security permissions for fine grained security])
h2. Noncompliant Code Example
This noncompliant example shows an overridden {{getPermissions()}} method, defined in a custom class loader. It grants {{java.security.AllPermission}} to any class that it loads. This example also violates [SEC10-J. Call the superclass's getPermissions method when writing a custom class loader].
{code:bgColor=#FFcccc}
protected PermissionCollection getPermissions(CodeSource cs) {
  PermissionCollection pc = new Permissions();
  pc.add(new java.security.AllPermission());
  // other permissions
  return pc;
}
{code}
h2. Compliant Solution
This compliant solution does not grant the {{java.security.AllPermission}} to any class it loads.
{code:bgColor=#ccccff}
protected PermissionCollection getPermissions(CodeSource cs) {
  PermissionCollection pc = super.getPermissions(cs);
  // fine-grain permissions
  return pc;
}
{code}
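The two {{getPermissions()}} variants above can be compared by asking the returned {{PermissionCollection}} whether it implies {{AllPermission}}. This is an added example, not part of the original rule; the class names, the {{/opt/plugins/plugin.jar}} code source and the {{/tmp/*}} grant are assumptions chosen for illustration.

```java
import java.io.File;
import java.io.FilePermission;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.cert.Certificate;

public class LoaderPermissionCheck {

    /** Noncompliant: every class this loader defines receives AllPermission. */
    static class PermissiveLoader extends URLClassLoader {
        PermissiveLoader(URL[] urls) { super(urls); }

        @Override
        protected PermissionCollection getPermissions(CodeSource cs) {
            PermissionCollection pc = new Permissions();
            pc.add(new AllPermission());
            return pc;
        }
    }

    /** Compliant: superclass permissions plus one narrow, explicit grant (hypothetical). */
    static class RestrictedLoader extends URLClassLoader {
        RestrictedLoader(URL[] urls) { super(urls); }

        @Override
        protected PermissionCollection getPermissions(CodeSource cs) {
            PermissionCollection pc = super.getPermissions(cs);
            pc.add(new FilePermission("/tmp/*", "read"));
            return pc;
        }
    }

    /** True when the collection is as powerful as AllPermission, however it was assembled. */
    static boolean grantsEverything(PermissionCollection pc) {
        return pc.implies(new AllPermission());
    }

    /** Summarises what a collection allows, using a few representative permissions. */
    static String describe(String name, PermissionCollection pc) {
        return name
            + ": all=" + grantsEverything(pc)
            + ", read /tmp/JavaFile=" + pc.implies(new FilePermission("/tmp/JavaFile", "read"))
            + ", write /tmp/JavaFile=" + pc.implies(new FilePermission("/tmp/JavaFile", "write"))
            + ", setSecurityManager=" + pc.implies(new RuntimePermission("setSecurityManager"));
    }

    public static void main(String[] args) throws Exception {
        // Constructed code source; the jar does not have to exist for this check.
        URL jar = new File("/opt/plugins/plugin.jar").toURI().toURL();
        URL[] urls = { jar };
        CodeSource cs = new CodeSource(jar, (Certificate[]) null);

        try (PermissiveLoader bad = new PermissiveLoader(urls);
             RestrictedLoader good = new RestrictedLoader(urls)) {
            System.out.println(describe("PermissiveLoader", bad.getPermissions(cs)));
            System.out.println(describe("RestrictedLoader", good.getPermissions(cs)));
        }
    }
}
```

The {{grantsEverything()}} helper is suitable as a unit-test assertion on any custom class loader, because it checks the effective result rather than the source text.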
h2. Exceptions
*EX1:* It may be necessary to grant {{AllPermission}} to trusted library code so that callbacks will work. For example, it is a common practice to grant {{AllPermission}} to the optional Java system code packages:
{code}
// Standard extensions get all permissions by default
grant codeBase "file:${{java.ext.dirs}}/*" {
  permission java.security.AllPermission;
};
{code}
h2. Risk Assessment
Granting {{AllPermission}} to untrusted code allows it to perform arbitrary operations.
|| Rule || Severity || Likelihood || Remediation Cost || Priority || Level ||
| ENV31-J | high | likely | low | {color:red}{*}P27{*}{color} | {color:red}{*}L1{*}{color} |
h3. Automated Detection
TODO
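A policy file can be screened for violations of this rule with a small parser. The following is an added example, not a CERT tool: it reports every {{grant}} entry that contains {{java.security.AllPermission}} and treats the {{java.ext.dirs}} entry from EX1 as allowed. The class name and the sample policy text are constructed for illustration.

```java
import java.util.StringJoiner;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AllPermissionAudit {

    // Quoted strings are matched first so that "//" inside a URL is not mistaken for a comment.
    private static final Pattern STRING_OR_COMMENT =
        Pattern.compile("\"[^\"]*\"|/\\*.*?\\*/|//[^\\n]*", Pattern.DOTALL);

    // grant HEADER { BODY }; braces inside quoted strings, such as ${klib.home}, are skipped.
    // Keywords are matched case-insensitively because the page writes both codebase and codeBase.
    private static final Pattern GRANT = Pattern.compile(
        "\\bgrant\\b((?:\"[^\"]*\"|[^\"{])*)\\{((?:\"[^\"]*\"|[^\"}])*)\\}",
        Pattern.CASE_INSENSITIVE);

    private static final Pattern CODEBASE =
        Pattern.compile("\\bcodeBase\\s+\"([^\"]*)\"", Pattern.CASE_INSENSITIVE);

    private static final Pattern ALL_PERMISSION =
        Pattern.compile("\\b(?i:permission)\\s+java\\.security\\.AllPermission\\b");

    // Code base of the optional packages directory, as written in exception EX1.
    private static final String EXTENSIONS_CODEBASE = "file:${{java.ext.dirs}}/*";

    /** Removes comments but leaves string literals untouched. */
    static String stripComments(String text) {
        Matcher m = STRING_OR_COMMENT.matcher(text);
        StringBuilder out = new StringBuilder();
        int last = 0;
        while (m.find()) {
            out.append(text, last, m.start());
            out.append(m.group().startsWith("\"") ? m.group() : " ");
            last = m.end();
        }
        return out.append(text.substring(last)).toString();
    }

    /** Returns one line per grant entry that contains AllPermission. */
    static String audit(String policyText) {
        StringJoiner findings = new StringJoiner("\n");
        Matcher grant = GRANT.matcher(stripComments(policyText));
        while (grant.find()) {
            if (!ALL_PERMISSION.matcher(grant.group(2)).find()) {
                continue; // fine-grained entry, nothing to report
            }
            Matcher cb = CODEBASE.matcher(grant.group(1));
            if (!cb.find()) {
                findings.add("VIOLATION: AllPermission granted to all code (no codeBase)");
            } else if (cb.group(1).equals(EXTENSIONS_CODEBASE)) {
                findings.add("ALLOWED (EX1): " + cb.group(1));
            } else {
                findings.add("VIOLATION: AllPermission granted to " + cb.group(1));
            }
        }
        return findings.toString();
    }

    public static void main(String[] args) {
        // Constructed sample built from the policy entries shown in this rule.
        String policy = String.join("\n",
            "/* grant the klib library AllPermission */",
            "grant codebase \"file:${klib.home}/j2se/home/klib.jar\" {",
            "  permission java.security.AllPermission;",
            "};",
            "grant codeBase \"file:${klib.home}/j2se/home/klib.jar\", signedBy \"Admin\" {",
            "  permission java.io.FilePermission \"/tmp/*\", \"read\";",
            "  permission java.net.SocketPermission \"*\", \"connect\";",
            "};",
            "// grant { permission java.security.AllPermission; };",
            "grant codeBase \"file:${{java.ext.dirs}}/*\" {",
            "  permission java.security.AllPermission;",
            "};",
            "grant {",
            "  permission java.security.AllPermission;",
            "};");
        System.out.println(audit(policy));
    }
}
```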
h3. Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the [CERT website|https://www.kb.cert.org/vulnotes/bymetric?searchview&query=FIELD+KEYWORDS+contains+ENV31-J].
h2. References
\[[API 06|AA. Java References#API 06]\] [Class AllPermission|http://java.sun.com/javase/6/docs/api/java/security/AllPermission.html]
\[[Gong 03|AA. Java References#Gong 03]\]
\[[Security 06|AA. Java References#Security 06]\] [Security Architecture|http://java.sun.com/javase/6/docs/technotes/guides/security/spec/security-spec.doc.html]
" id="orginalContent" /> <input
type="hidden"
name="conflictingVersion" value="35" id="conflictingVersion" />
<div id="wiki-editor">
<div class="inputSection">
<div id="editorDiv">
<div id="markup" >
<textarea id="markupTextarea" name="content"
cols="80"
rows="30"
tabindex="5" style=""
class="monospaceInput"
>The {{java.security.AllPermission}} class grants all possible permissions to the caller. This facility was included for routine testing purposes to make it less cumbersome to deal with a multitude of permissions or for use when the code is completely trusted. It should never be granted to untrusted code.
h2. Noncompliant Code Example
This noncompliant example grants {{AllPermission}} to the {{klib}} library. The permission itself is specified in the security policy file used by the security manager. Alternatively, a permission object can be obtained in the code by subclassing the Permission class (or any subclass such as BasicPermission) in the java.security package. {{AllPermission}} can be granted to a {{ProtectionDomain}} using such an object. This is again a bad practice.
{code:bgColor=#FFcccc}
/* grant the klib library AllPermission */
grant codebase "file:${klib.home}/j2se/home/klib.jar" {
permission java.security.AllPermission;
};
{code}
h2. Compliant Solution
This compliant solution shows a policy file that can be used to enforce fine-grained permissions.
{code:bgColor=#ccccff}
grant codeBase "file:${klib.home}/j2se/home/klib.jar", signedBy "Admin" {
permission java.io.FilePermission "/tmp/*", "read";
permission java.io.SocketPermission "*", "connect";
};
{code}
To check whether the caller has the requisite permissions, use the following check within the code:
{code}
//security manager code
perm = new java.io.FilePermission("/tmp/JavaFile","read");
AccessController.checkPermission(perm);
//other code
{code}
Always assign appropriate permissions to code. When more control is required over the granularity of permissions, define custom permissions. ([SEC08-J. Define custom security permissions for fine grained security])
h2. Noncompliant Code Example
This noncompliant example shows an overridden {{getPermissions()}} method, defined in a custom class loader. It grants {{java.security.AllPermission}} to any class that it loads. This example also violates [SEC10-J. Call the superclass's getPermissions method when writing a custom class loader].
{code:bgColor=#FFcccc}
protected PermissionCollection getPermissions(CodeSource cs) {
PermissionCollection pc = new Permissions();
pc.add(new java.security.AllPermission());
// other permissions
return pc;
}
{code}
h2. Compliant Solution
This compliant solution does not grant the {{java.security.AllPermission}} to any class it loads.
{code:bgColor=#ccccff}
protected PermissionCollection getPermissions(CodeSource cs) {
PermissionCollection pc = super.getPermissions(cs);
// fine-grain permissions
return pc;
}
{code}
h2. Exceptions
*EX1:* It may be necessary to grant {{AllPermission}} to trusted library code so that callbacks will work. For example, it is a common practice to grant {{AllPermission}} to the optional Java system code packages:
{code}
// Standard extensions get all permissions by default
grant codeBase "file:${{java.ext.dirs}}/*" {
permission java.security.AllPermission;
};
{code}
h2. Risk Assessment
Granting {{AllPermission}} to untrusted code allows it to perform arbitrary operations.
|| Rule || Severity || Likelihood || Remediation Cost || Priority || Level ||
| ENV31-CPP | high | likely | low | {color:red}{*}P27{*}{color} | {color:red}{*}L1{*}{color} |
h3. Automated Detection
TODO
h3. Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the [CERT website|https://www.kb.cert.org/vulnotes/bymetric?searchview&query=FIELD+KEYWORDS+contains+ENV31-J].
h2. References
\[[API 06|AA. Java References#API 06]\] [Class AllPermission|http://java.sun.com/javase/6/docs/api/java/security/AllPermission.html]
\[[Gong 03|AA. Java References#Gong 03]\]
\[[Security 06|AA. Java References#Security 06]\] [Security Architecture|http://java.sun.com/javase/6/docs/technotes/guides/security/spec/security-spec.doc.html]
----
[!The CERT Sun Microsystems Secure Coding Standard for Java^button_arrow_left.png!|ENV30-J. Create a secure sandbox using a Security Manager] [!The CERT Sun Microsystems Secure Coding Standard for Java^button_arrow_up.png!|01. Platform Security (SEC)] [!The CERT Sun Microsystems Secure Coding Standard for Java^button_arrow_right.png!|ENV32-J. Do not grant ReflectPermission with target suppressAccessChecks]
</textarea>
</div>
<input id="selectedText" name="selectedText" type="hidden">
<input type="hidden" name="sel1"> <input type="hidden" name="sel2"> <input type="hidden" name="inPreview" value="false"/>
<input type="hidden" name="mode" value="markup"/>
<input type="hidden" name="xhtml" value="false"/>
<div id="preview" class="hidden">
<div id="previewArea"></div>
</div>
<div id="macro-browser-templates" class="hidden">
<ol id="macro-summaries-template" class="macro-list"></ol>
<ul>
<li id="macro-summary-template" class="macro-list-item">
<h3 class="macro-title"></h3>
<div class="macro-desc"></div>
</li>
</ul>
<div id="macro-insert-template">
<input class="macro-name" type="hidden"/>
<div class="macro-preview-container dialog-panel">
<div class="macro-preview-header">
<a href="#">Refresh</a>
<span>Preview</span>
</div>
<div class="macro-preview"></div>
</div>
<div class="macro-input-fields dialog-panel"></div>
</div>
<span id="macro-doco-link-template">
<a href="#" class="macro-doco-link">Documentation</a>
</span>
<div id="macro-freeform-template" class="macro-freeform-div">
<div class="macro-freeform-desc">This macro does not provide any parameter information. If the available information does not help, you may find its documentation at <a href=http://confluence.atlassian.com/display/CONFEXT>Confluence Extensions</a>.</div>
<div class="macro-freeform-input">
{<span class="macro-name-display"></span><input type="text" class="macro-text"/>}
</div>
<div class="macro-example hidden">
<h3 class="underlined">Examples</h3>
</div>
<div class="macro-help hidden">
<h3 class="underlined">Description</h3>
</div>
</div>
<div id="macro-param-template" class="macro-param-div">
<label></label>
<input type="text" class="text"/>
</div>
<div id="macro-param-checkbox-template" class="macro-param-div boolean-param">
<label></label>
<input type="checkbox" value="true"/>
</div>
<div id="macro-param-select-template" class="macro-param-div">
<label></label>
<select></select>
</div>
<div id="macro-param-hidden-text-template" class="macro-param-div">
<label></label>
<input type="text" class="text"/>
<input type="hidden"/>
</div>
<div id="macro-param-hidden-template" class="macro-param-div">
<input type="hidden"/>
</div>
<div id="macro-param-desc-template" class="macro-param-desc"></div>
<div id="macro-body-template" class="macro-body-div">
<label>Body Text</label>
<textarea class="monospaceInput textarea" type="text" rows="10"></textarea>
</div>
</div> </div>
</div>
</div>
</form>
</div>
</div>
</td>
</tr>
</table>
<!-- End inner content table -->
</td>
</tr>
</table>
</div>
<!--BEGIN FOOTER -->
<table border="0" width="100%" cellspacing="0" cellpadding="8" bgcolor="#666666"><tr>
<td width="50%"><img src="https://www.cert.org/cert/images/sei_cmu_logo2.gif" alt="Software Engineering Institute | Carnegie Mellon University" border="0" usemap="#footermap"/>
<map name="footermap" id="footermap">
<area shape="rect" coords="2,2,233,19" href="http://www.sei.cmu.edu/" alt="Software Engineering Institute"/>
<area shape="rect" coords="241,3,341,19" href="http://www.cmu.edu/" alt="Carnegie Mellon University" />
</map>
</td>
<td width="50%" align="right">
<span style="font-size:11px; color:#ffffff; font-family:Verdana">
Copyright © 1995-2009 Carnegie Mellon University
</td>
</tr>
</table>
<!--END FOOTER -->
</body>
</html>
|
The `java.security.AllPermission` class grants all possible permissions to the caller. This facility was included for routine testing purposes, to make it less cumbersome to deal with a multitude of permissions, or for use when the code is completely trusted. It should never be granted to untrusted code.
Noncompliant Code Example
This noncompliant example grants `AllPermission` to the `klib` library. The permission itself is specified in the security policy file used by the security manager. Alternatively, a permission object can be obtained in the code by subclassing the `Permission` class (or any subclass such as `BasicPermission`) in the `java.security` package. `AllPermission` can be granted to a `ProtectionDomain` using such an object. This is also bad practice.

```
/* grant the klib library AllPermission */
grant codebase "file:${klib.home}/j2se/home/klib.jar" {
  permission java.security.AllPermission;
};
```
Compliant Solution
This compliant solution shows a policy file that can be used to enforce fine-grained permissions.
```
grant codeBase "file:${klib.home}/j2se/home/klib.jar", signedBy "Admin" {
  permission java.io.FilePermission "/tmp/*", "read";
  permission java.net.SocketPermission "*", "connect";
};
```
To check whether the caller has the requisite permissions, use the following check within the code:
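```java
import java.io.FilePermission;
import java.security.AccessController;

// security manager code
FilePermission perm = new FilePermission("/tmp/JavaFile", "read");
// Throws AccessControlException when the permission is not granted
AccessController.checkPermission(perm);
// other code
```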
Always assign appropriate permissions to code. When more control is required over the granularity of permissions, define custom permissions (see SEC08-J. Define custom security permissions for fine grained security).
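To see what each grant actually authorizes, the following added example (not part of the CERT rule) models the two `klib` grants above as static protection domains and asks each one whether it implies a set of requests. The class name, the jar location and the list of requested permissions are constructed for illustration, and Unix-style paths are assumed.

```java
import java.io.FilePermission;
import java.lang.reflect.ReflectPermission;
import java.net.SocketPermission;
import java.net.URI;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

public class GrantComparison {
    // Builds a domain with static permissions, so the installed Policy is not consulted.
    static ProtectionDomain domain(Permission... granted) throws Exception {
        // Constructed code source; the path stands in for the klib.jar location.
        CodeSource cs = new CodeSource(
            URI.create("file:/opt/klib/j2se/home/klib.jar").toURL(), (Certificate[]) null);
        Permissions perms = new Permissions();
        for (Permission p : granted) {
            perms.add(p);
        }
        return new ProtectionDomain(cs, perms);
    }

    public static void main(String[] args) throws Exception {
        // The compliant grant: read files directly in /tmp, connect to any host.
        ProtectionDomain fineGrained = domain(
            new FilePermission("/tmp/*", "read"),
            new SocketPermission("*", "connect"));
        // The noncompliant grant.
        ProtectionDomain all = domain(new AllPermission());

        Permission[] requests = {
            new FilePermission("/tmp/JavaFile", "read"),
            new FilePermission("/tmp/sub/JavaFile", "read"),   // "/*" is not recursive
            new FilePermission("/tmp/JavaFile", "write"),
            new FilePermission("/etc/passwd", "read"),
            new SocketPermission("example.com:443", "connect"),
            new SocketPermission("localhost:8080", "listen"),
            new RuntimePermission("setSecurityManager"),
            new RuntimePermission("createClassLoader"),
            new ReflectPermission("suppressAccessChecks"),
        };
        System.out.printf("%-75s %-13s %s%n", "requested", "fine-grained", "AllPermission");
        for (Permission p : requests) {
            System.out.printf("%-75s %-13b %b%n", p, fineGrained.implies(p), all.implies(p));
        }
    }
}
```

The fine-grained domain implies only the read of `/tmp/JavaFile` and the outbound connect, while the `AllPermission` domain implies every request in the list, including replacing the security manager and suppressing reflection access checks.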
Noncompliant Code Example
This noncompliant example shows an overridden `getPermissions()` method, defined in a custom class loader. It grants `java.security.AllPermission` to any class that it loads. This example also violates SEC10-J. Call the superclass's getPermissions method when writing a custom class loader.

```java
protected PermissionCollection getPermissions(CodeSource cs) {
  PermissionCollection pc = new Permissions();
  pc.add(new java.security.AllPermission());
  // other permissions
  return pc;
}
```
Compliant Solution
This compliant solution does not grant `java.security.AllPermission` to any class it loads. It obtains the default permissions from the superclass and adds only fine-grained permissions.

```java
protected PermissionCollection getPermissions(CodeSource cs) {
  PermissionCollection pc = super.getPermissions(cs);
  // fine-grain permissions
  return pc;
}
```
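A fuller version of the compliant loader, as an added example rather than code from the CERT rule: it fills in the fine-grained grant and fails closed if the resulting collection ever amounts to `AllPermission`. The class name `PluginClassLoader`, the `dataDir` parameter and the plugin jar path are hypothetical, and a JDK with the classic permission APIs (such as Java 8 to 17) is assumed.

```java
import java.io.FilePermission;
import java.net.URI;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.cert.Certificate;
import java.util.Collections;

// Hypothetical loader: classes it defines may read files directly inside one directory.
public class PluginClassLoader extends URLClassLoader {
    private final String dataDir;

    public PluginClassLoader(URL[] urls, ClassLoader parent, String dataDir) {
        super(urls, parent);
        this.dataDir = dataDir;
    }

    @Override
    protected PermissionCollection getPermissions(CodeSource cs) {
        // Start from what the superclass grants for this code source.
        PermissionCollection pc = super.getPermissions(cs);
        pc.add(new FilePermission(dataDir + "/*", "read"));
        // Fail closed if the collection ever amounts to a blanket grant.
        if (pc.implies(new AllPermission())) {
            throw new SecurityException("AllPermission refused for " + cs.getLocation());
        }
        return pc;
    }

    public static void main(String[] args) throws Exception {
        URL jar = URI.create("file:/opt/plugins/plugin.jar").toURL(); // constructed location
        ClassLoader parent = PluginClassLoader.class.getClassLoader();
        try (PluginClassLoader loader =
                 new PluginClassLoader(new URL[] { jar }, parent, "/tmp")) {
            PermissionCollection pc =
                loader.getPermissions(new CodeSource(jar, (Certificate[]) null));
            System.out.println("granted: " + Collections.list(pc.elements()));
            System.out.println("read /tmp/JavaFile: "
                + pc.implies(new FilePermission("/tmp/JavaFile", "read")));
            System.out.println("createClassLoader:  "
                + pc.implies(new RuntimePermission("createClassLoader")));
        }
    }
}
```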
Exceptions
EX1: It may be necessary to grant `AllPermission` to trusted library code so that callbacks will work. For example, it is common practice to grant `AllPermission` to the optional Java system code packages:

```
// Standard extensions get all permissions by default
grant codeBase "file:${{java.ext.dirs}}/*" {
  permission java.security.AllPermission;
};
```
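One way to review a policy file against this rule and its exception, as an added example that is not CERT tooling: the scanner below reports every `grant` entry that hands out `AllPermission` unless its `codeBase` is on an allowlist. The class name, the `TRUSTED` allowlist (here only the EX1 extensions directory) and the embedded sample policy, built from the three grant entries on this page, are assumptions.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AllPermissionAudit {
    // Code bases allowed to hold AllPermission under EX1 (assumption: extensions only).
    static final Set<String> TRUSTED = Collections.singleton("file:${{java.ext.dirs}}/*");

    // A quoted string, a block comment, or a line comment.
    static final Pattern STRING_OR_COMMENT =
        Pattern.compile("\"[^\"]*\"|/\\*.*?\\*/|//[^\\n]*", Pattern.DOTALL);
    // grant <header> { <body> };  Quoted strings are skipped so "${...}" cannot end a section.
    static final Pattern GRANT = Pattern.compile(
        "\\bgrant\\b((?:\"[^\"]*\"|[^{\"])*)\\{((?:\"[^\"]*\"|[^}\"])*)\\}\\s*;",
        Pattern.CASE_INSENSITIVE);
    static final Pattern CODEBASE =
        Pattern.compile("\\bcodeBase\\s+\"([^\"]*)\"", Pattern.CASE_INSENSITIVE);
    static final Pattern ALL_PERMISSION =
        Pattern.compile("\\b(?i:permission)\\s+java\\.security\\.AllPermission\\b");

    // Removes comments but keeps string literals such as "http://host/-" intact.
    static String stripComments(String policy) {
        Matcher m = STRING_OR_COMMENT.matcher(policy);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String keep = m.group().startsWith("\"") ? m.group() : " ";
            m.appendReplacement(out, Matcher.quoteReplacement(keep));
        }
        m.appendTail(out);
        return out.toString();
    }

    // Returns one finding per grant entry that gives AllPermission outside the trusted set.
    static List<String> audit(String policy) {
        List<String> findings = new ArrayList<>();
        Matcher grant = GRANT.matcher(stripComments(policy));
        while (grant.find()) {
            if (!ALL_PERMISSION.matcher(grant.group(2)).find()) {
                continue;
            }
            Matcher cb = CODEBASE.matcher(grant.group(1));
            if (!cb.find()) {
                findings.add("AllPermission granted without a codeBase restriction");
            } else if (!TRUSTED.contains(cb.group(1))) {
                findings.add("AllPermission granted to " + cb.group(1));
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample: the three grant entries shown on this page.
        String policy =
            "/* grant the klib library AllPermission */\n"
          + "grant codebase \"file:${klib.home}/j2se/home/klib.jar\" {\n"
          + "  permission java.security.AllPermission;\n};\n"
          + "grant codeBase \"file:${klib.home}/j2se/home/klib.jar\", signedBy \"Admin\" {\n"
          + "  permission java.io.FilePermission \"/tmp/*\", \"read\";\n};\n"
          + "// Standard extensions get all permissions by default\n"
          + "grant codeBase \"file:${{java.ext.dirs}}/*\" {\n"
          + "  permission java.security.AllPermission;\n};\n";
        audit(policy).forEach(System.out::println);
    }
}
```

On the sample, only the first `klib` entry is reported; the fine-grained entry and the extensions-directory entry pass.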
Risk Assessment
Granting `AllPermission` to untrusted code allows it to perform arbitrary operations.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ENV31-J | high | likely | low | P27 | L1 |
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.