...
This compliant solution moves the call to `System.loadLibrary()` outside the `doPrivileged()` block. Any operations on the file descriptor `f[0]` must also occur outside the privileged block to make it easier to audit privileged code. However, `f[0]` should not leak out to untrusted code (see [SEC02SEC00-J. Do not allow doPrivileged() blocks to leak sensitive information outside a trust boundary]). As a result, the "operations on the file" must not allow `f[0]` to escape out of `changePassword()`. Minimizing the amount of code that requires elevated privileges eases the necessary task of auditing privileged code.
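A sketch of the arrangement described above, added here as an illustration and not the standard's own listing. The class name, file name, library name and the raw-bytes file format are assumptions.

```java
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Paths;
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.PrivilegedAction;

public class PasswordManager {
  // Hypothetical names; the page does not give the file or library name.
  private static final String PASSWORD_FILE = "PasswordFileName";
  private static final String NATIVE_LIB = "LibName";

  public static void changePassword(String currentPassword, String newPassword)
      throws IOException {
    final FileInputStream[] f = { null };
    // Privileged block: only the step that needs elevated permissions,
    // resolving and opening the protected file.
    AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
      try {
        f[0] = new FileInputStream(
            Paths.get(System.getProperty("user.dir"), PASSWORD_FILE).toFile());
      } catch (FileNotFoundException e) {
        f[0] = null; // reported below, outside the privileged block
      }
      return null;
    });
    if (f[0] == null) {
      throw new FileNotFoundException(PASSWORD_FILE);
    }

    // Unprivileged: operations on f[0]. try-with-resources closes the stream,
    // and it is never returned, stored in a field, or passed to a callback.
    try (FileInputStream in = f[0]) {
      // Assumed format: the file holds the raw password bytes. A real store
      // would hold a salted hash and compare against that instead.
      byte[] stored = in.readAllBytes();
      byte[] supplied = currentPassword.getBytes(StandardCharsets.UTF_8);
      if (!MessageDigest.isEqual(stored, supplied)) {
        throw new SecurityException("current password does not match");
      }
      // Writing newPassword is outside what the page describes; omitted.
    }

    // Unprivileged: the library load runs with the caller's permissions.
    System.loadLibrary(NATIVE_LIB);
  }
}
```

`AccessController` has been deprecated for removal since Java 17 (JEP 411), so this compiles with a deprecation warning on current JDKs.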
...
| [MITRE 2009] | [CWE 272](http://cwe.mitre.org/data/definitions/272.html) "Least Privilege Violation" |
...
| [API 2006] | Class |
...