This review focuses on how we perform permission checks,
or rather: do we circumvent some of them by assuming full privileges?
Some native methods do need extra permission validation, e.g. loading native libraries.
Furthermore, AccessController.doPrivileged(..) shall not cover generic code
that exposes a critical feature to the user.
Furthermore, we should rely on the SecurityManager, i.e. AccessControlContext's
'checkPermission(Permission)' code, to comply w/ fine grained permission access.
It is also possible to have full permission w/o having any certificates (-> policy file).
- SecurityUtil's assumption of allowing use of the internal AccessControlContext (medium):
  - access insecure properties
  - get temp folder w/o write access
- Native library loading bug: no dynamic link permission check (medium+):
  - Overwrite a currently in-use library?
    - Actually not w/ our code, since we cache the dynamically looked-up symbols
      (right after loading the library)
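The following is an added illustration, not SecurityUtil or any JogAmp code, of the two points above: a doPrivileged(..) wrapper that hands a privileged property read to any caller (the shape the review warns against), beside variants that first ask the SecurityManager whether the *caller* holds the property, temp-folder write and dynamic-link permission before privileges are raised. The class and method names are assumptions of this example; SecurityManager.checkPermission(..), checkLink(..) and the permission classes are the real JDK API.

```java
import java.io.File;
import java.io.FilePermission;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.PropertyPermission;

/**
 * Added example (not project code). Shows why a privileged block must be
 * preceded by a check against the caller's own permissions: inside
 * doPrivileged(..) the stack walk stops at this class, so the policy's
 * fine grained grants for the caller are no longer consulted.
 */
public final class PrivilegedAccessExample {

    /** Risky: any caller reaches a privileged read of a property name it controls. */
    public static String getPropertyUnchecked(final String name) {
        return AccessController.doPrivileged(
            (PrivilegedAction<String>) () -> System.getProperty(name));
    }

    /** Hardened: the caller's permission is verified before privileges are elevated. */
    public static String getPropertyChecked(final String name) {
        final SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            // Throws SecurityException unless the policy grants the caller this read.
            sm.checkPermission(new PropertyPermission(name, "read"));
        }
        return AccessController.doPrivileged(
            (PrivilegedAction<String>) () -> System.getProperty(name));
    }

    /**
     * Temp folder: only hand it out if the caller may actually write below it.
     * "dir/-" is the FilePermission form covering all files and subdirectories.
     */
    public static File getWritableTempDirChecked() {
        final String tmp = AccessController.doPrivileged(
            (PrivilegedAction<String>) () -> System.getProperty("java.io.tmpdir"));
        final SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(new FilePermission(tmp + File.separator + "-", "read,write"));
        }
        return new File(tmp);
    }

    /** Native library loading: checkLink(..) enforces RuntimePermission("loadLibrary." + libName). */
    public static void loadLibraryChecked(final String libName) {
        final SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkLink(libName);
        }
        AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
            System.loadLibrary(libName);
            return null;
        });
    }

    public static void main(final String[] args) {
        // Run with -Djava.security.manager and a policy file to see the difference:
        // getPropertyUnchecked succeeds for any name, getPropertyChecked only for granted ones.
        final String name = args.length > 0 ? args[0] : "java.home";
        System.out.println("unchecked: " + getPropertyUnchecked(name));
        System.out.println("checked:   " + getPropertyChecked(name));
        System.out.println("tmpdir:    " + getWritableTempDirChecked());
    }
}
```

Without a SecurityManager installed both paths behave identically, which is exactly why the unchecked form looks harmless in testing; the difference only shows up under a policy file that grants the calling code less than the library itself holds. On JDK 17 and later the SecurityManager is deprecated for removal (JEP 411) and must be enabled explicitly with -Djava.security.manager, so code relying on these checks needs that flag to exercise them at all.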