Guidelines
SEC20-J. Do not expect java.lang.reflect.method.invoke() to behave as the immediate caller
Introduction
According to the principle of least privilege, every program and every user of the system should operate using the least set of privileges necessary to complete the particular task [Saltzer 1974, Saltzer 1975]. The Build Security In website [DHS 2006] provides additional definitions of this principle. Executing with minimal privileges mitigates exploitation if a vulnerability is discovered in the code. These principles can be applied in various ways to Java language programming.
...
A security manager is an object that defines a security policy for Java code. This policy specifies actions that are unsafe or sensitive. Any action not allowed by the security policy causes a SecurityException to be thrown. Code can also query its security manager to discover which actions are allowed. The security manager can also be used to control the functions the trusted Java API can perform. (See guideline ENV02-J. Create a secure sandbox using a Security Manager.) When untrusted code must be prevented from accessing system classes, the policy should restrict its access to trusted classes in the specified packages; the accessClassInPackage permission provides the required functionality. (See guideline SEC12-J. Do not grant untrusted code access to classes in inaccessible packages.) Doing so does not limit what system classes can do; it restricts only the range of system packages that less-privileged code can use.
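The following is an added example, not code from the CERT page: a small program that, when run under a security manager, tries to load a class from a package listed in the package.access security property, so that the load succeeds only for code granted the matching accessClassInPackage permission. The package name com.example.internal, the class name PrivilegedHelper, and the paths under /opt/app are assumptions made up for this example.

```java
// Added example (not from the CERT page): demonstrates how the
// accessClassInPackage permission restricts which packages less-privileged
// code may load. All package names, class names and paths are assumptions.
//
// 1. Mark the package as restricted by appending it to the package.access
//    security property in java.security (the property replaces the default
//    list, so keep the existing entries when editing it):
//      package.access=sun.,...,com.example.internal.
//
// 2. Policy file (demo.policy): trusted code receives the permission,
//    untrusted code does not.
//      grant codeBase "file:/opt/app/trusted.jar" {
//          permission java.lang.RuntimePermission "accessClassInPackage.com.example.internal";
//      };
//      grant codeBase "file:/opt/app/untrusted/-" {
//          permission java.util.PropertyPermission "user.dir", "read";
//      };
//
// 3. Run the demo from the untrusted code base:
//      java -Djava.security.manager -Djava.security.policy=demo.policy \
//           -cp /opt/app/untrusted:/opt/app/trusted.jar PackageAccessDemo
public class PackageAccessDemo {

    /** Tries to load a class by name and reports whether the policy allowed it. */
    static boolean canLoad(String className) {
        try {
            Class.forName(className);
            return true;
        } catch (SecurityException e) {
            // Thrown by the class loader's checkPackageAccess() when a protection
            // domain on the call stack lacks accessClassInPackage.<package>.
            System.out.println("denied: " + className + " (" + e.getMessage() + ")");
            return false;
        } catch (ClassNotFoundException e) {
            // The package check happens before the lookup, so this branch is reached
            // only when access was allowed but the class is not on the class path.
            System.out.println("not found: " + className);
            return false;
        }
    }

    public static void main(String[] args) {
        // Without an installed security manager every load succeeds, so check first.
        if (System.getSecurityManager() == null) {
            System.out.println("no security manager installed; package access is unrestricted");
            return;
        }
        // Assumed class in the restricted package: denied for the untrusted code base.
        canLoad("com.example.internal.PrivilegedHelper");
        // A public API class not covered by package.access: always loadable.
        canLoad("java.util.ArrayList");
    }
}
```

The restriction is enforced by the class loader, which calls SecurityManager.checkPackageAccess() for every package named in package.access; that method in turn demands RuntimePermission("accessClassInPackage.<package>") from every protection domain on the call stack, so the check cannot be bypassed by routing the load through a trusted helper unless that helper wraps it in a doPrivileged block. Note that the Security Manager has been deprecated for removal since Java 17 (JEP 411), so this mechanism should be treated as a legacy control rather than a long-term sandboxing strategy.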
Risk Assessment Summary
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
SEC00-J | high | probable | high | P6 | L2 |
SEC01-J | medium | likely | medium | P12 | L1 |
SEC02-J | medium | likely | high | P6 | L2 |
SEC03-J | high | likely | low | P27 | L1 |
SEC04-J | high | probable | medium | P12 | L1 |
SEC05-J | high | probable | medium | P12 | L1 |
SEC06-J | high | probable | medium | P12 | L1 |
SEC07-J | medium | probable | low | P12 | L1 |
SEC08-J | high | probable | medium | P12 | L1 |
SEC09-J | high | probable | medium | P12 | L1 |
SEC10-J | medium | probable | high | P4 | L3 |
SEC11-J | high | probable | low | P18 | L1 |
SEC12-J | high | likely | high | P9 | L2 |
SEC13-J | high | likely | high | P9 | L2 |
SEC14-J | medium | probable | high | P4 | L3 |
SEC15-J | medium | likely | high | P6 | L2 |
SEC16-J | medium | probable | high | P4 | L3 |
SEC17-J | medium | likely | low | P18 | L1 |
SEC18-J | medium | probable | high | P4 | L3 |
SEC19-J | high | probable | medium | P12 | L1 |
SEC21-J | high | probable | high | P6 | L2 |
...