SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 11

changes.mady.by.user Fred Long

Saved on

compared with

New Version 12

changes.mady.by.user Justin Pincar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by NavBot (jp)

The java.security.AllPermission class grants all possible permissions to the caller. This facility was included for routine testing purposes to make it less cumbersome to deal with a multitude of permissions or for use when the code is completely trusted. It should never be applied to untrusted code.

Noncompliant Code Example

This noncompliant example grants AllPermission to a library (klib). The permission itself is specified in the security policy file used by the security manager. Alternatively, a permission object can be obtained in the code by subclassing the Permission class (or any subclass like BasicPermission) in the java.security package.

Code Block
bgColor#FFcccc
/* grant the klib library AllPermission */ 
grant codebase "file:${klib.home}/j2ee/home/klib.jar" { 
  permission java.security.AllPermission; 
};

Compliant Solution

The policy file can be signed and made to provide more restrictive permissions.

Code Block
bgColor#ccccff
grant codeBase "file:${klib.home}/j2ee/home/klib.jar", signedBy "Admin" {
    permission java.io.FilePermission "/tmp/*", "read";
    permission java.io.SocketPermission "*", "connect";
};

Always assign appropriate permissions to code. This can be achieved by extending any of the permission classes. The next solution shows how to implement restrictive permissions within the code.

Code Block
bgColor#ccccff
//security manager code
perm = new java.io.FilePermission("/tmp/JavaFile","read");
//other code

Exceptions

SEC31-EX1: It may be necessary to grant AllPermission to trusted library code so that callbacks will work.

For example, it is common practice to grant AllPermission to the Java system code:

Code Block
// Standard extensions get all permissions by default

grant codeBase "file:${{java.ext.dirs}}/*" {
	permission java.security.AllPermission;
};

Risk Assessment

Granting AllPermission to untrusted code means that there is no security at all.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SEC31-J

high

probable

low

P18

L1

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[API 06|AA. Java References#API 06]\] [Class AllPermission|http://java.sun.com/javase/6/docs/api/java/security/AllPermission.html]
\[[Gong 03|AA. Java References#Gong 03]\]
\[[Security 06|AA. Java References#Security 06]\] [Security Architecture|http://java.sun.com/javase/6/docs/technotes/guides/security/spec/security-spec.doc.html]

SEC30-J. Always use a Security Manager      00. Security (SEC)      SEC32-J. Do not grant ReflectPermission with action suppressAccessChecks