The bytecode verifier is an internal component of the Java Virtual Machine (JVM) and is responsible for detecting non-confirming Java bytecode. It ensures that the class file is in the proper format, illegal type casts are not performed, and it prevents operand stack overflows or underflows. Users sometime assume that code obtained from a trustworthy source is conforming and consequently safe for execution. Bytecode verification may be misconstrued as a superfluous activity in such cases and consequently, Java's safety and security guarantees may be severely undermined.
The bytecode verification process is automatically initiated unless the -Xverify:none flag is specified on the command line. This noncompliant code example uses this flag to disable bytecode verification.
java -Xverify:none ApplicationName |
Bytecode verification happens by default in most implementations. The verification is automatically performed when a class loader loads a class dynamically.
If it does not, the -Xverify:all flag can be specified on the command line as shown in this compliant solution.
java -Xverify:all ApplicationName |
ENV10-EX1: On Java 2 systems, classes loaded by the primordial class loader (that loads classes from the boot class path) are not required to perform bytecode verification.
The code that is not subject to bytecode verification can bypass security checks that are normally expected to be performed by Java code.
Guideline |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
ENV10-J |
high |
likely |
low |
P27 |
L1 |
TODO
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
\[[Oaks 2001|AA. Java References#Oaks 01]\] The Bytecode Verifier \[[Pistoia 2004|AA. Java References#Pistoia 04]\] Section 7.3, The Class File Verifier |
ENV09-J. Limit remote uses of JVM Monitoring and Managing 01. Runtime Environment (ENV) 02. Platform Security (SEC)