Bug 752

Summary: Review Code Vulnerabilities (Permission Checks of new exposed code and privileged access)
Product: [JogAmp] General
Reporter: Sven Gothel <sgothel>
Component: source_code
Assignee: Sven Gothel <sgothel>
Status: RESOLVED FIXED
Severity: normal
Priority: P1
Version: unspecified
Hardware: All
OS: all
Type: ---
SCM Refs: gluegen 1a01dce6c42b398cdd68d405828774a3ab366456 joal 072ac81a76db9c9eb24c639a38bee75bf0ed5c9e jogl 05eef46e33f41f5c234ffb1563fd8f641208fe85
Workaround: ---

Description Sven Gothel 2013-06-11 16:05:46 CEST
This review focuses on how we perform permission checks,
or better - do we circumvent some assuming full privileges?
Some native methods do need extra permission validation, i.e. loading native libraries.

Furthermore, AccessController.doPrivileged(..) shall not cover generic code
exposing a critical feature to the user.
Comment 1 Sven Gothel 2013-06-11 16:11:33 CEST
Furthermore .. we should rely on the SecurityManager, i.e. AccessControlContext's
'checkPermission(Permission)' code to comply w/ fine grained permission access.

It is also possible to have full permission w/o having any certificates (-> policy file).
Comment 2 Sven Gothel 2013-06-11 16:48:48 CEST
Impact:

- SecurityUtil's assumption of allowing to use internal AccessControlContext (medium):
  - access insecure properties
  - get temp folder w/o write access

- Native Library loading bug: No dyn. link permission check (medium+):
  - Overwrite a currently in use library ?
  - Actually not w/ our code, since we cache the dynamic looked-up symbols
    (right after loading the library)
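As an added illustration (not JogAmp's own code): the pattern the review flags, where doPrivileged covers a caller-chosen native library load, beside a form that checks the caller's own permission first and only then elevates. Class and method names are assumptions.

```java
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.PrivilegedAction;

// Hypothetical helper, not part of GlueGen/JOGL.
public final class NativeLibLoadCheck {

    // Flagged pattern: doPrivileged covers the whole load. The stack walk that
    // SecurityManager.checkLink() performs stops at this privileged frame, so
    // only the trusted domain of this class is inspected, and an untrusted
    // caller that supplies `libName` is implicitly granted loadLibrary rights.
    static void loadUnchecked(final String libName) {
        AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
            System.loadLibrary(libName);
            return null;
        });
    }

    // Corrected form: evaluate the permission in the caller's own
    // AccessControlContext, outside doPrivileged, so the installed
    // SecurityManager/policy decides. Only the actual load is elevated.
    // Throws AccessControlException when the caller lacks the permission.
    static void loadChecked(final String libName) throws AccessControlException {
        final RuntimePermission perm = new RuntimePermission("loadLibrary." + libName);
        // No-op when no SecurityManager is installed, same as the JDK's own checks.
        if (System.getSecurityManager() != null) {
            AccessController.checkPermission(perm);
        }
        AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
            System.loadLibrary(libName);
            return null;
        });
    }
}
```

The same ordering applies to the property-access and temp-folder cases listed above: check the caller's permission (e.g. a PropertyPermission or FilePermission) before entering doPrivileged, never inside it.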