...
It follows that unprivileged code need not be digitally signed and therefore should not be. This recommendation is consistent with guideline SEC00-J. Follow the principles of least privilege.
Exceptions
EX1: An organization that has an internal PKI and uses code signing for internal development activities (such as to facilitate code check-in and track developers) may sign unprivileged code. This code base should, however, not be carried forward to the production environment. The keys used for this internal signing must not be used to sign the products that ship.
Risk Assessment
Signing unprivileged code violates the principle of least privilege because it can circumvent the security restrictions defined by the security policies for applets and JNLP applications, for example.
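One check a release pipeline can run for this rule is to flag every JAR in the shipped tree that carries JAR signature files, so that code signed with an internal development key (EX1 above) is caught before it reaches production. This is an added example, not code from the CERT page; it relies only on the JDK naming convention META-INF/<ALIAS>.SF paired with a signature block <ALIAS>.RSA, .DSA or .EC, and it reports presence of a signature, not its validity. The JAR contents, the alias DEVKEY and the file names are constructed sample data.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# JDK convention: a signed JAR has META-INF/<ALIAS>.SF plus a block <ALIAS>.RSA/.DSA/.EC
SIG_FILE = re.compile(r"^META-INF/([^/]+)\.SF$")
BLOCK_EXTS = (".RSA", ".DSA", ".EC")


def signature_aliases(jar_path) -> set[str]:
    """Signer aliases present in a JAR; an empty set means the JAR is unsigned."""
    with zipfile.ZipFile(jar_path) as zf:
        names = {n.upper() for n in zf.namelist()}
    aliases = set()
    for name in names:
        m = SIG_FILE.match(name)
        # A .SF file without its signature block does not make the JAR signed.
        if m and any(f"META-INF/{m.group(1)}{ext}" in names for ext in BLOCK_EXTS):
            aliases.add(m.group(1))
    return aliases


def audit_release(root) -> dict[str, set[str]]:
    """Map each signed JAR under root (by file name) to its signer aliases."""
    return {p.name: a for p in sorted(Path(root).rglob("*.jar"))
            if (a := signature_aliases(p))}


def build_sample_jar(path, alias=None):
    """Write a minimal constructed JAR; with an alias, add placeholder signature files."""
    path.parent.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("com/example/Hello.class", b"\xca\xfe\xba\xbe")  # constructed stub
        if alias:
            zf.writestr(f"META-INF/{alias}.SF", "Signature-Version: 1.0\n")
            zf.writestr(f"META-INF/{alias}.RSA", b"<constructed PKCS#7 placeholder>")


def demo() -> dict[str, set[str]]:
    """Audit a constructed release tree: one unsigned JAR, one signed with an internal key."""
    root = Path(tempfile.mkdtemp())
    build_sample_jar(root / "app.jar")                     # unprivileged and unsigned: expected
    build_sample_jar(root / "lib" / "tool.jar", "DEVKEY")  # internal signing key left in the release
    return audit_release(root)


if __name__ == "__main__":
    for jar, aliases in demo().items():
        print(f"{jar}: signed by {sorted(aliases)}; unprivileged code must ship unsigned")
```

Run it against a real release directory by calling audit_release(path) instead of demo(); any JAR it reports that performs only unprivileged operations violates this rule.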
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| SEC13 ENV00-J | high | probable | medium | P12 | L1 |
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[Schneier 00]
[McGraw 00] Appendix C: Sign Only Privileged Code
[Dormann 08]
...