When Java source code is compiled, it is converted into bytecode, saved in one or more class files, and executed by the Java Virtual Machine (JVM). Java class files may be compiled on one machine and executed on another machine. A properly-generated class file is said to be conforming. When the JVM loads a class file, it has no way of knowing if whether the class file is conforming. The class file could have been created by some other process, or a malicious hacker could tamper with a conforming class file.
The Java bytecode verifier is an internal component of the JVM and that is responsible for detecting non-conforming Java bytecode. It ensures that the class file is in the proper Java class format, that illegal type casts are not performed, and operand stack overflows or underflows can not occurare avoided, that operand stack underflows are impossible, and that each method eventually removes from the operand stack everything pushed by that method.
Users often assume that Java class files that have been obtained from a trustworthy source will be conforming and, consequently, safe for execution. They might then misconstrue This belief may erroneously lead them to see bytecode verification as a superfluous activity in for such cases andclasses. Consequently, they may disable bytecode verification, severely undermining and thus undermine Java's safety and security guarantees.
...
The bytecode verification process is automatically initiated unless the runs by default. The -Xverify:none flag is specified on the JVM command line that invokes suppresses the JVMverification process. This noncompliant code example uses this the flag to disable bytecode verification.
| Code Block | ||
|---|---|---|
| ||
java -Xverify:none ApplicationName |
Compliant Solution
Bytecode Most JVM implementations perform bytecode verification happens by default in most JVM implementations. Bytecode verification ; it is also performed automatically when a class loader loads a class dynamically.during dynamic class loading.
Specifying If a JVM has bytecode verification disabled, the -Xverify:all flag can be specified on the command line requires the JVM to enable bytecode verification (even when it would otherwise have been suppressed), as shown in this compliant solution.
...
ENV10-EX1: On Java 2 systems, classes that are loaded by the primordial class loader (that loads classes is permitted to omit bytecode verification of classes loaded from the boot class path) are not required to perform bytecode verification.
Risk Assessment
Code that is not subject to bytecode verification can bypass security checks that are normally expected to be performed by Java Bytecode verification ensures that the bytecode contains many of the security checks mandated by the Java Language Specification. Omitting the verification step could permit execution of unsafe Java code.
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
ENV10-J | high | likely | low | P27 | L1 |
Automated Detection
TODOStatic checking of this guideline is not feasible in the general case.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
...