Logic bug in AccessController.AccHolder.innocuousAcc

Peter Firmstone peter.firmstone at zeus.net.au
Sat Jun 26 03:48:37 UTC 2021


The innocuous AccessControlContext is intended to have no permissions, 
hence it is constructed using the two-argument ProtectionDomain 
constructor, which causes the ProtectionDomain to not consult the Policy.

However, if a user obtains this ProtectionDomain and asks the Policy for 
the ProtectionDomain's permissions by calling 
Policy::getPermissions(ProtectionDomain), the Policy will return 
AllPermission.

It is generally understood that a ProtectionDomain with a null 
CodeSource is a system ProtectionDomain loaded by the bootstrap ClassLoader.

I propose that the innocuous AccessControlContext instead be given a 
ProtectionDomain with a non-null CodeSource that has a null URL. This 
is also considered by the Policy to be unprivileged.

-- 
Regards,
  
Peter Firmstone
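The following is an added diagnostic (not code from the OpenJDK sources or from this post) that builds the two kinds of domain the post contrasts and reports, for each, whether the domain itself implies AllPermission and whether the installed Policy grants it. It assumes a JVM where Policy.getPolicy() is still available and no SecurityManager is installed; class and method names are the author's own.

```java
import java.net.URL;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

public class InnocuousDomainCheck {

    // Same shape as the innocuous domain: two-argument constructor,
    // null CodeSource, no static permissions, Policy never consulted
    // by ProtectionDomain.implies itself.
    static ProtectionDomain nullCodeSourceDomain() {
        return new ProtectionDomain(null, null);
    }

    // The proposed alternative: a non-null CodeSource whose URL is null.
    static ProtectionDomain nullUrlCodeSourceDomain() {
        CodeSource cs = new CodeSource((URL) null, (Certificate[]) null);
        return new ProtectionDomain(cs, new Permissions());
    }

    // What the domain answers on its own (static permissions only).
    static boolean domainImpliesAll(ProtectionDomain pd) {
        return pd.implies(new AllPermission());
    }

    // What the installed Policy says when asked directly, which is the
    // path the post is concerned about.
    static boolean policyGrantsAll(ProtectionDomain pd) {
        return Policy.getPolicy().getPermissions(pd).implies(new AllPermission());
    }

    static void report(String label, ProtectionDomain pd) {
        System.out.printf("%-28s domain.implies(AllPermission)=%b  "
                        + "Policy.getPermissions(pd).implies(AllPermission)=%b%n",
                label, domainImpliesAll(pd), policyGrantsAll(pd));
    }

    public static void main(String[] args) {
        report("null CodeSource (innocuous)", nullCodeSourceDomain());
        report("CodeSource with null URL", nullUrlCodeSourceDomain());
    }
}
```

Run it against the JDK you are assessing; the post's claim is that the first line shows the Policy granting AllPermission to the null-CodeSource domain even though the domain itself implies nothing.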