752 2013-06-11 16:05:46 +0200 Review Code Vulnerabilities (Permission Checks of new exposed code and privileged access) 2013-06-21 05:09:31 +0200 1 1 3 JogAmp General source_code unspecified All all RESOLVED FIXED P1 normal --- 1 sgothel sgothel --- gluegen 1a01dce6c42b398cdd68d405828774a3ab366456 joal 072ac81a76db9c9eb24c639a38bee75bf0ed5c9e jogl 05eef46e33f41f5c234ffb1563fd8f641208fe85 --- oldest_to_newest 2650 0 sgothel 2013-06-11 16:05:46 +0200 This review focuses on how we perform permission checks, or better - do we circumvent some assuming full privileges ? Some native methods do need extra permission validation, i.e. loading native libraries. Further more AccessController.doPrivileged(..) shall not cover generic code exposing a critical feature to the user. 2651 1 sgothel 2013-06-11 16:11:33 +0200 Further more .. we should rely on the SecuritManager, i.e. AccessControlContext's 'checkPermission(Permission)' code to comply w/ fine grained permission access. It is also possible to have full permission w/o having any certificates (-> policy file). 2652 2 sgothel 2013-06-11 16:48:48 +0200 Impact: - SecurityUtil's assumption of allowing to use internal AcceccControllerContext (medium): - access insecure properties - get temp folder w/o write access - Native Library loading bug: No dyn. link permission check (medium+): - Overwrite a currently in use library ? - Actually not w/ our code, since we cache the dynamic looked-up symbols (right after loading the library)