...
| Wiki Markup |
|---|
This compliant solution moves the call to {{System.loadLibrary()}} outside the {{doPrivileged()}} block. Any operations on the file descriptor {{f\[0\]}} must also occur outside the privileged block to make it easier to audit privileged code. However, {{f\[0\]}} should not leak out to untrusted code (see [SEC02-J. Do not allow doPrivileged() blocks to leak sensitive information outside a trust boundary]). ThereforeAs a result, the "operations on the file" must not allow {{f[0]}} to escape out of {{changePassword()}}. Minimizing the amount of code that requires elevated privileges eases the necessary task of auditing privileged code. |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="78681c05d5e2e9c4-6124b4b2-44c74e2c-adcfa8e8-3ed4e0a09dd4fcb19f43a527"><ac:plain-text-body><![CDATA[ | [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE 272 | http://cwe.mitre.org/data/definitions/272.html] "Least Privilege Violation" | ]]></ac:plain-text-body></ac:structured-macro> |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a03821373da9bf33-d6626517-4cf94864-888da1ad-5a170e1ccbcee6ba2dd1f8cb"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | Class | ]]></ac:plain-text-body></ac:structured-macro> |
...