...

Signing code that performs only unprivileged operations violates the principle of least privilege: the signature can cause that code to be granted permissions it does not need, circumventing the restrictions that the security policy imposes on, for example, applets and JNLP applications.
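An added example (not code from the rule page) of the split that avoids this: the class that actually needs a permission ships in a signed JAR, and the string-handling class ships in an unsigned JAR, so only the privileged code receives the policy grant. The JAR names, the key alias "privops", the policy file name and the packaging commands in the comment are assumptions for this illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

/*
 * Added example, not code from the CERT rule page. Two classes an application
 * might ship together, split the way ENV00-J requires. JAR names, the key
 * alias "privops" and the policy file name are assumed.
 *
 * example.policy (standard policy-file syntax; only the signer gets the grant):
 *
 *   keystore "file:example.jks";
 *   grant signedBy "privops" {
 *       permission java.util.PropertyPermission "user.home", "read";
 *       permission java.io.FilePermission "${user.home}${/}app.conf", "read";
 *   };
 *
 * Packaging, signing only the privileged JAR:
 *
 *   keytool -genkeypair -alias privops -keystore example.jks
 *   jar cf privops.jar ConfigReader.class
 *   jar cf util.jar ConfigFormatter.class
 *   jarsigner -keystore example.jks privops.jar privops
 *
 * If ConfigFormatter were packed into privops.jar instead, it would run with
 * the same grants although it needs none of them.
 */

/** Ships in privops.jar (signed): the only code that needs the grants above. */
final class ConfigReader {
    private ConfigReader() {}

    static String readAppConfig() throws IOException {
        try {
            // doPrivileged stops the permission check's stack walk here, so an
            // unsigned caller (e.g. code in util.jar) needs no grant of its own.
            return AccessController.doPrivileged((PrivilegedExceptionAction<String>) () -> {
                Path conf = Paths.get(System.getProperty("user.home"), "app.conf");
                return new String(Files.readAllBytes(conf), StandardCharsets.UTF_8);
            });
        } catch (PrivilegedActionException e) {
            // Only the checked IOException from the action is wrapped;
            // unchecked exceptions propagate from doPrivileged directly.
            throw (IOException) e.getException();
        }
    }
}

/** Ships in util.jar (unsigned): pure string handling, needs no permission. */
final class ConfigFormatter {
    private ConfigFormatter() {}

    /** Drops blank lines and '#' comments; runs fine in the default sandbox. */
    static String format(String raw) {
        StringBuilder out = new StringBuilder();
        for (String line : raw.split("\\R")) {
            String t = line.trim();
            if (!t.isEmpty() && !t.startsWith("#")) {
                out.append(t).append('\n');
            }
        }
        return out.toString();
    }
}
```

The policy grant is keyed on the signer, so everything inside privops.jar runs with the file permission; keeping ConfigFormatter out of that JAR is what makes the signature match the privileged closure. Note that this whole mechanism depends on a SecurityManager being installed: it is deprecated for removal since Java 17 (JEP 411) and must be explicitly allowed with -Djava.security.manager=allow from JDK 18 on, so the example applies to the applet and JNLP deployments the rule targets rather than to current JDKs.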

Rule     Severity  Likelihood  Remediation Cost  Priority  Level
ENV00-J  High      Probable    Medium            P12       L1

Automated Detection

Detecting code that should be considered privileged or sensitive requires programmer assistance. Given identified privileged code as a starting point, automated tools could compute the closure of all code that can be invoked from that point. Such a tool could plausibly determine whether a body of signed code both includes that entire closure and excludes all other code.
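An added example (not a tool from the rule page or from CERT) of the closure check described above: starting from programmer-marked privileged roots, it computes everything transitively callable and reports both directions of mismatch with the signed set. The call graph and all method names are constructed by hand for this illustration; a real tool would derive the graph from bytecode.

```java
import java.util.ArrayDeque;
import java.util.Arrays;
import java.util.Collections;
import java.util.Deque;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

/**
 * Added example, not tooling from the rule page. The call graph is hand
 * constructed and the method names are hypothetical; a real tool would build
 * the graph from bytecode and take the privileged roots from the programmer.
 */
final class SignedClosureCheck {

    /** Everything transitively callable from the programmer-marked roots. */
    static Set<String> closure(Map<String, Set<String>> calls, Set<String> roots) {
        Set<String> seen = new HashSet<>(roots);
        Deque<String> work = new ArrayDeque<>(roots);
        while (!work.isEmpty()) {
            String m = work.pop();
            for (String callee : calls.getOrDefault(m, Collections.emptySet())) {
                if (seen.add(callee)) {
                    work.push(callee);
                }
            }
        }
        return seen;
    }

    /** The two ways the signed set can disagree with the privileged closure. */
    static final class Report {
        /** Reachable from privileged code but unsigned: the privileged path
         *  fails its permission check at that frame (or tempts over-signing). */
        final Set<String> reachableButUnsigned = new TreeSet<>();
        /** Signed but not reachable from any privileged root: an ENV00-J violation. */
        final Set<String> signedButUnreachable = new TreeSet<>();

        boolean conforms() {
            return reachableButUnsigned.isEmpty() && signedButUnreachable.isEmpty();
        }
    }

    static Report check(Map<String, Set<String>> calls, Set<String> privilegedRoots,
                        Set<String> signed) {
        Set<String> needed = closure(calls, privilegedRoots);
        Report r = new Report();
        for (String m : needed) {
            if (!signed.contains(m)) {
                r.reachableButUnsigned.add(m);
            }
        }
        for (String m : signed) {
            if (!needed.contains(m)) {
                r.signedButUnreachable.add(m);
            }
        }
        return r;
    }

    private static Set<String> of(String... names) {
        return new HashSet<>(Arrays.asList(names));
    }

    public static void main(String[] args) {
        // Constructed call graph: caller -> callees (hypothetical methods).
        Map<String, Set<String>> calls = new HashMap<>();
        calls.put("ConfigReader.readAppConfig", of("ConfigReader.readFile", "PathUtil.resolve"));
        calls.put("PathUtil.resolve", of("PathUtil.normalize"));
        calls.put("ConfigFormatter.format", of("ConfigFormatter.trimLines"));

        // Programmer-identified privileged entry point.
        Set<String> roots = of("ConfigReader.readAppConfig");

        // Contents of the signed JAR, deliberately wrong in both directions:
        // PathUtil.normalize is missing, the formatter methods should not be there.
        Set<String> signed = of("ConfigReader.readAppConfig", "ConfigReader.readFile",
                                "PathUtil.resolve",
                                "ConfigFormatter.format", "ConfigFormatter.trimLines");

        Report r = check(calls, roots, signed);
        System.out.println("reachable but unsigned: " + r.reachableButUnsigned);
        System.out.println("signed but unreachable: " + r.signedButUnreachable);
        System.out.println("conforms to ENV00-J:    " + r.conforms());
    }
}
```

The root set is the part that requires programmer assistance; given it, the rest is a plain graph traversal. The sample signed set is built to contain both kinds of mismatch so the report shows what each finding looks like; in practice, dynamic dispatch and reflection make the real call graph an over-approximation, so the first finding is a hard error while the second needs a human to confirm the code is truly unreachable from privileged roots before it is moved to an unsigned JAR.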

Related Guidelines

ISO/IEC TR 24772:2010    Adherence to least privilege [XYN]

Android Implementation Details

The Android system uses code signing as a means to identify the author of an application and establish trust relationships between applications, not as a means to grant elevated privileges to code.


...