Bug 752 - Review Code Vulnerabilities (Permission Checks of new exposed code and privileged access)
Summary: Review Code Vulnerabilities (Permission Checks of new exposed code and privil...
Status: RESOLVED FIXED
Alias: None
Product: General
Classification: JogAmp
Component: source_code (show other bugs)
Version: unspecified
Hardware: All all
: P1 normal
Assignee: Sven Gothel
URL:
Depends on:
Blocks:
 
Reported: 2013-06-11 16:05 CEST by Sven Gothel
Modified: 2013-06-21 05:09 CEST (History)
0 users

See Also:
Type: ---
SCM Refs:
gluegen 1a01dce6c42b398cdd68d405828774a3ab366456 joal 072ac81a76db9c9eb24c639a38bee75bf0ed5c9e jogl 05eef46e33f41f5c234ffb1563fd8f641208fe85
Workaround: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sven Gothel 2013-06-11 16:05:46 CEST 
This review focuses on how we perform permission checks,
or better - do we circumvent some assuming full privileges ?
Some native methods do need extra permission validation, i.e. loading native libraries.

Further more AccessController.doPrivileged(..) shall not cover generic code
exposing a critical feature to the user.
Comment 1 Sven Gothel 2013-06-11 16:11:33 CEST 
Further more .. we should rely on the SecuritManager, i.e. AccessControlContext's
'checkPermission(Permission)' code to comply w/ fine grained permission access.

It is also possible to have full permission w/o having any certificates (-> policy file).
Comment 2 Sven Gothel 2013-06-11 16:48:48 CEST 
Impact:

- SecurityUtil's assumption of allowing to use internal AcceccControllerContext (medium):
  - access insecure properties
  - get  temp folder w/o write access

- Native Library loading bug: No dyn. link permission check (medium+):
  - Overwrite a currently in use library ?
  - Actually not w/ our code, since we cache the dynamic looked-up symbols
    (right after loading the library)