...
- A TOCTOU race condition exists between the first check and open. During this race window, an attacker can replace the regular file with a symbolic link or other non-regular file. The second check detects this race condition but does not eliminate it; an attacker can still cause the system to block when opening the file.
- An attacker could subvert this code by letting the check operate on a normal file, substituting the non-normal file for the open, and then resubstitute the normal file to circumvent the second check. This vulnerability exists because Java lacks any mechanism to obtain file attributes from a file by any means other than the file name, and the binding of the file name to a file object is reasserted every time the file name is used in an operation. Consequently, an attacker can still switch out a file for a nefarious file, such as a symbolic link.
- A system with hard links allows an attacker to construct a malicious file that is a hard link to a sensitive file. Hard links cannot be reliably detected by a program, and serve as a foil to canonicalization attempts which are prescribed by IDS03 IDS02-J. Canonicalize path names before validating them.
Compliant Solution (POSIX, Java 1.7, secure directory)
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e3cf408c4c08ba8d-d899c81f-49da4765-b799823b-6210fe1e98ae9ef4e8fc8a3d"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | Class File, methods | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="c5bce0a88b55c368-3e4c3c29-4d70429c-bdb1bb18-f1f28bc1195953f7f8d8b3fc"><ac:plain-text-body><![CDATA[ | [[CVE 2008 | AA. Bibliography#CVE 08]] | [CVE-2008-5354 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5354] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="2dce72d7264cf4f6-2050f0ef-415b46ec-ae0cba82-af3d802166e2255b6456594a"><ac:plain-text-body><![CDATA[ | [[Darwin 2004 | AA. Bibliography#Darwin 04]] | 11.5 Creating a Transient File | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8f988b30d61f55f1-a92e2836-42494417-91b986de-6e9b2e716d819abfa7ffa370"><ac:plain-text-body><![CDATA[ | [[Garfinkel 1996 | AA. Bibliography#Garfinkel 96]] | Section 5.6, "Device Files" | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="86fce61bfcd836ea-0cf13cc7-410e4c58-9402bdb0-5f071a4cca5f7c9d1fc7a3bb"><ac:plain-text-body><![CDATA[ | [[Howard 2002 | AA. Bibliography#Howard 02]] | Chapter 11, "Canonical Representation Issues" | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f7207d769bf76fb8-aa776f4b-4f444be4-a76a9d74-b5dd1bf684b571f44da8261f"><ac:plain-text-body><![CDATA[ | [[J2SE 2011 | AA. Bibliography#J2SE 11]] | The try-with-resources Statement | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="c6acf5c8ea755079-611eeeb0-400c4bbf-b41c9060-36407e027b1a5a57b3aa6c9d"><ac:plain-text-body><![CDATA[ | [[Open Group 2004 | AA. Bibliography#Open Group 04]] | [ | http://www.opengroup.org/onlinepubs/009695399/functions/open.html] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="28b81dd444a67b68-3911291d-4c7648f8-bb028e62-2c3980c44db35b7abdbf319b"><ac:plain-text-body><![CDATA[ | [[SDN 2008 | AA. Bibliography#SDN 08]] | Bug IDs: 4171239, 4405521, 4635827, 4631820 | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4c56d2195556385d-ca4d5c27-4599496f-9c8497d2-1329cd027713c38e75dc097e"><ac:plain-text-body><![CDATA[ | [[Secunia 2008 | AA. Bibliography#Secunia 08]] | [Secunia Advisory 20132 | http://secunia.com/advisories/20132/] | ]]></ac:plain-text-body></ac:structured-macro> |
...