...
| Wiki Markup |
|---|
This compliant solution moves the call to {{System.loadLibrary()}} outside the {{doPrivileged()}} block. Any operations on the file descriptor {{f\[0\]}} must also occur outside the privileged block to make it easier to audit privileged code. However, {{f\[0\]}} should not leak out to untrusted code (see [SEC02SEC00-J. Do not allow doPrivileged() blocks to leak sensitive information outside a trust boundary]). As a result, the "operations on the file" must not allow {{f[0]}} to escape out of {{changePassword()}}. Minimizing the amount of code that requires elevated privileges eases the necessary task of auditing privileged code. |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b6d251ba043808cc-27c5b2d7-4f1647e2-aeafb294-cbe3864e08b0b4384821d11f"><ac:plain-text-body><![CDATA[ | [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE 272 | http://cwe.mitre.org/data/definitions/272.html] "Least Privilege Violation" | ]]></ac:plain-text-body></ac:structured-macro> |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1e782b901d744481-f5830475-4e304168-83428e92-5562e7b5977486ecf7aeeee8"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | Class | ]]></ac:plain-text-body></ac:structured-macro> |
...