...
- A TOCTOU race condition exists between the first check and open. During this race window, an attacker can replace the regular file with a symbolic link or other non-regular file. The second check detects this race condition but does not eliminate it; an attacker can still cause the system to block when opening the file.
- An attacker could subvert this code by letting the check operate on a normal file, substituting the non-normal file for the open, and then resubstitute the normal file to circumvent the second check. This vulnerability exists because Java lacks any mechanism to obtain file attributes from a file by any means other than the file name, and the binding of the file name to a file object is reasserted every time the file name is used in an operation. Consequently, an attacker can still switch out a file for a nefarious file, such as a symbolic link.
- A system with hard links allows an attacker to construct a malicious file that is a hard link to a sensitive file. Hard links cannot be reliably detected by a program, and serve as a foil to canonicalization attempts which are prescribed by IDS21IDS03-J. Canonicalize path names before validating them.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="6bdac74d632b204e-1b55c797-44cf4370-aed5a8e3-ac831fb560c2d4e8b719ef2f"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | Class File, methods | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="c2f4cce86ef300f2-cfb76f29-4ad84b89-babb9151-a3eb57bbe17753d387a984c7"><ac:plain-text-body><![CDATA[ | [[CVE 2008 | AA. Bibliography#CVE 08]] | [CVE-2008-5354 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5354] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="9b4e78e3aaaad572-620fae2d-4e534fcc-87b59a3a-597bb4d2769f1eb968977cf2"><ac:plain-text-body><![CDATA[ | [[Darwin 2004 | AA. Bibliography#Darwin 04]] | 11.5 Creating a Transient File | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e327a2f1fe59d6f1-ae6f4e4d-4ce54b22-a8d58009-01f1b7f5d371ac1c02bcd9fb"><ac:plain-text-body><![CDATA[ | [[Garfinkel 1996 | AA. Bibliography#Garfinkel 96]] | Section 5.6, "Device Files" | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="9f750ffe6722c4c2-dc711e36-49064cf4-bababc20-61105bf695bd55224eeb4234"><ac:plain-text-body><![CDATA[ | [[Howard 2002 | AA. Bibliography#Howard 02]] | Chapter 11, "Canonical Representation Issues" | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4b873bd6facca84e-31653403-48b3460a-902cb1e6-8cc22242edf06ba38d5ab45c"><ac:plain-text-body><![CDATA[ | [[J2SE 2011 | AA. Bibliography#J2SE 11]] | The try-with-resources Statement | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8398689fc62b224c-aa9285c1-4fde484e-b6c6b818-0f7195351791f40610640a84"><ac:plain-text-body><![CDATA[ | [[Open Group 2004 | AA. Bibliography#Open Group 04]] | [ | http://www.opengroup.org/onlinepubs/009695399/functions/open.html] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d2c023215dd2ddaf-3e0e9026-4d0d4c3e-a0acb44f-912a7326723d33e55003ad81"><ac:plain-text-body><![CDATA[ | [[SDN 2008 | AA. Bibliography#SDN 08]] | Bug IDs: 4171239, 4405521, 4635827, 4631820 | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ac3494ba30305079-ff83d6dc-43f944f3-a1f48e37-697efa92cae21738e9380193"><ac:plain-text-body><![CDATA[ | [[Secunia 2008 | AA. Bibliography#Secunia 08]] | [Secunia Advisory 20132 | http://secunia.com/advisories/20132/] | ]]></ac:plain-text-body></ac:structured-macro> |
...