...

The applet security manager denies applets all but the most essential privileges. It is designed to protect against inadvertent system modification, information leakage, and user impersonation. The use of security managers is not limited to client-side protection. Web servers such as Tomcat and WebSphere use this facility to isolate trojan servlets and malicious JSP code, as well as to protect sensitive system resources from inadvertent access.

...

The security manager is closely tied to the AccessController class. The former is used as a hub for access control whereas the latter is the actual implementer of the access control algorithm. The security manager supports:

  • Providing backward compatibility: Legacy code often contains custom implementations of the security manager class because it was originally abstract.
  • Defining custom policies: Subclassing the security manager permits definition of custom security policies (for example, multilevel, coarse-grained, or fine-grained).
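As an added example (not code from the CERT page), the following custom security manager shows the subclassing approach described above. It layers one coarse-grained rule, that no code may halt the JVM through System.exit, on top of whatever the policy file grants; every other check is inherited from SecurityManager, whose checkPermission(Permission) delegates to AccessController.checkPermission(), the actual implementer of the access control algorithm. The class name and the policy file name app.policy in the comment are assumptions. Note that SecurityManager is deprecated for removal since Java 17, that from Java 18 on System.setSecurityManager throws UnsupportedOperationException unless the JVM was started with -Djava.security.manager=allow, and that JDK 24 disabled the mechanism permanently.

```java
/**
 * Added example, not code from the CERT page. A custom security manager that
 * forbids exiting the JVM regardless of what the policy file says, and leaves
 * every other decision to the superclass. SecurityManager.checkPermission(Permission)
 * is inherited unchanged; it calls AccessController.checkPermission(), so file,
 * socket and property checks remain driven by the installed Policy.
 */
public class NoExitSecurityManager extends SecurityManager {

    /** Runtime.exit() and System.exit() call this before halting the JVM. */
    @Override
    public void checkExit(int status) {
        // super.checkExit(status) would consult the policy for
        // RuntimePermission("exitVM." + status); this custom policy denies
        // the operation unconditionally, even for fully trusted code.
        throw new SecurityException(
            "System.exit(" + status + ") is not permitted by the custom policy");
    }

    /**
     * Returns true when an exit attempt is blocked by the installed manager.
     * Callers can use this at startup to verify that the sandbox is active.
     */
    static boolean exitIsBlocked() {
        try {
            System.exit(0);
            return false;                 // not reached: the JVM would have halted
        } catch (SecurityException expected) {
            return true;
        }
    }

    public static void main(String[] args) {
        // Programmatic installation, used here only so the example runs stand-alone.
        // The equivalent command-line form, which the guideline prefers, is:
        //   java -Djava.security.manager=NoExitSecurityManager \
        //        -Djava.security.policy=app.policy YourMainClass
        // (app.policy is a hypothetical policy file name.)
        System.setSecurityManager(new NoExitSecurityManager());

        System.out.println("System.exit blocked: " + exitIsBlocked());

        // A check the superclass still delegates to the policy: reading
        // java.version is granted to all code by the default java.policy.
        System.out.println("java.version = " + System.getProperty("java.version"));
    }
}
```

Overriding checkExit rather than checkPermission keeps the rule independent of the policy file: a grant of AllPermission cannot re-enable exiting, which is the behaviour a servlet container or test harness wants when it hosts code it does not trust.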

Regarding the implementation and use of custom security managers, as opposed to default ones, the Java Security Architecture Specification [SecuritySpec 2008] states

...

The command line option is preferred when applications must be prohibited from installing custom security managers programmatically and thus are required to abide by the default global security policy under all circumstances. This compliant solution installs the default security manager using the appropriate command line flags. The security policy file grants permissions to the application for its intended actions.

...

The default security policy file java.policy, found in the /path/to/java.home/lib/security directory on UNIX-like systems and its equivalent on Microsoft Windows systems, grants a few permissions (reading system properties, binding to unprivileged ports, and so forth). There may also be a user-specific policy file located in the user's home directory. The union of these policy files specifies the permissions granted to a program. The java.security file can specify which policy files are used. If either of the system-wide java.policy or java.security files is deleted, no permissions are granted to the executing Java program.

...

All Java security depends on the existence of a SecurityManager. In the absence of a SecurityManager, arbitrary code can execute, which can include code provided by an attacker.
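The following added example (not code from the CERT page) ties together the three preceding points: it is meant to be started with the default security manager installed from the command line, it fails closed if no SecurityManager is present, and it reports which of a handful of permissions the effective policy (the union of the system java.policy, the user's policy file, and any file named with -Djava.security.policy) grants to the application. The class name PermissionProbe, the file path /tmp/example.txt, and the policy file name app.policy are assumptions. The same Java 17/18/24 caveats apply as for any use of SecurityManager.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;
import java.util.PropertyPermission;

/**
 * Added example, not code from the CERT page. Start it with the default
 * security manager installed from the command line, e.g.
 *   java -Djava.security.manager PermissionProbe
 * or, to add an application-specific policy file (hypothetical name) to the
 * system-wide and user policy files:
 *   java -Djava.security.manager -Djava.security.policy=app.policy PermissionProbe
 */
public class PermissionProbe {

    /** Fail closed: refuse to run at all unless a SecurityManager is installed. */
    static SecurityManager requireSecurityManager() {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            throw new IllegalStateException(
                "no SecurityManager installed; start the JVM with -Djava.security.manager");
        }
        return sm;
    }

    /**
     * Asks the installed manager whether the calling code holds a permission.
     * SecurityManager.checkPermission delegates to AccessController.checkPermission,
     * which evaluates every protection domain on the call stack against the Policy.
     */
    static boolean isGranted(SecurityManager sm, Permission p) {
        try {
            sm.checkPermission(p);
            return true;
        } catch (SecurityException denied) {
            return false;
        }
    }

    public static void main(String[] args) {
        SecurityManager sm = requireSecurityManager();

        // Constructed probes. The comments state what the stock java.policy
        // grants; an application policy file can extend these grants.
        Permission[] probes = {
            new PropertyPermission("java.version", "read"),   // granted to all code by default
            new PropertyPermission("user.home", "read"),      // not granted by default
            new FilePermission("/tmp/example.txt", "read"),   // hypothetical path; not granted by default
            new SocketPermission("localhost:0", "listen"),    // dynamic port; granted by default in current JDKs
            new SocketPermission("localhost:80", "listen")    // privileged port; not granted by default
        };

        for (Permission p : probes) {
            System.out.println((isGranted(sm, p) ? "GRANTED " : "DENIED  ") + p);
        }
    }
}
```

Two details a practitioner should keep in mind when reading the output. First, -Djava.security.policy=app.policy adds the named file to the union of policy files, whereas the double-equals form -Djava.security.policy==app.policy replaces that union, so the system and user grants no longer apply. Second, the set of policy files that make up the union is itself configured by the policy.url.N properties in the java.security file, which is why deleting java.security leaves the program with no grants at all.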

Guideline   Severity   Likelihood   Remediation Cost   Priority   Level
ENV02-J     high       probable     low                P18        L1

...

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Related Guidelines

MITRE CWE: CWE-358 "Improperly Implemented Security Check for Standard"

Bibliography

[API 2006] Class SecurityManager (http://java.sun.com/javase/6/docs/api/java/lang/SecurityManager.html), Class AccessControlContext, Class AccessController
[Gong 2003] Section 6.1, Security Manager
[MITRE 2009] CWE ID 358 (http://cwe.mitre.org/data/definitions/358.html) "Improperly Implemented Security Check for Standard"
[Pistoia 2004] Section 7.4, The Security Manager
[Policy 2002]
[SecuritySpec 2008] 6.2 SecurityManager versus AccessController

...