Page History

...

Users often assume that Java class files obtained from a trustworthy source will be conforming and, consequently, safe for execution. This belief can erroneously lead them to see bytecode verification as a superfluous activity for such classes. Consequently, they could disable bytecode verification, undermining Java's safety and security guarantees.

Noncompliant Code Example

The bytecode verification process runs by default. The -Xverify:none flag on the JVM command line suppresses the verification process. This noncompliant code example uses the flag to disable bytecode verification.

java -Xverify:none ApplicationName

Compliant Solution

Most JVM implementations perform bytecode verification by default; it is also performed during dynamic class loading.

...

java -Xverify:all ApplicationName

Exceptions

ENV10-EX1: On Java 2 systems, the primordial class loader is permitted to omit bytecode verification of classes loaded from the boot class path. These system classes are protected through platform and file system protections, rather than by the bytecode verification process.

Risk Assessment

Bytecode verification ensures that the bytecode contains many of the security checks mandated by the Java Language Specification. Omitting the verification step could permit execution of unsafe Java code.

Automated Detection

Static checking of this rule is not feasible in the general case.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

...