Logic bug in AccessController.AccHolder.innocuousAcc
Peter Firmstone
peter.firmstone at zeus.net.au
Sat Jun 26 04:06:38 UTC 2021
On 26/06/2021 1:48 pm, Peter Firmstone wrote:
> The innocuous AccessControlContext is intended to have no permission,
> hence it is constructed using the two argument ProtectionDomain
> constructor, which causes ProtectionDomain to not consult the Policy.
>
> However, if a user obtains this ProtectionDomain and asks the Policy
> for the ProtectionDomain's permissions by calling
> Policy::getPermissions(ProtectionDomain), the Policy will return
> AllPermission.
Apologies, the Policy won't return AllPermission, my mistake.
>
> It is generally understood that a ProtectionDomain with a null
> CodeSource is a system ProtectionDomain loaded by the bootstrap
> ClassLoader.
>
> I propose that innocuous AccessControlContext instead be given a
> ProtectionDomain, with a non-null CodeSource, which has a null URL.
> This is also considered by the Policy to be unprivileged.
>
--
Regards,
Peter Firmstone
0498 286 363
Zeus Project Services Pty Ltd.
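
An added illustration, not part of the original message or the JDK source, of the two ProtectionDomain shapes the message compares. `looksLikeSystemDomain` is a hypothetical check standing in for code that relies on the null-CodeSource convention; using the two-argument constructor for the proposed shape is an assumption, and `staticPermissionsOnly()` requires Java 9 or later.

```java
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

public class InnocuousDomainDemo {

    // Hypothetical heuristic (an assumption for this example): code that
    // treats "null CodeSource" as "loaded by the bootstrap ClassLoader".
    static boolean looksLikeSystemDomain(ProtectionDomain pd) {
        return pd.getCodeSource() == null;
    }

    // Shape described in the message: two-argument constructor with a null
    // CodeSource, so only the (empty) static permissions apply and the
    // Policy is not consulted by ProtectionDomain.implies().
    static ProtectionDomain nullCodeSourceDomain() {
        return new ProtectionDomain(null, new Permissions());
    }

    // Shape proposed in the message: a non-null CodeSource whose URL is null.
    // The cast selects the Certificate[] constructor over the CodeSigner[] one.
    static ProtectionDomain nullUrlCodeSourceDomain() {
        CodeSource cs = new CodeSource(null, (Certificate[]) null);
        return new ProtectionDomain(cs, new Permissions());
    }

    // Prints, for one domain, whether it is static-only, whether it implies
    // AllPermission, and whether the heuristic would take it for a system domain.
    static void report(String label, ProtectionDomain pd) {
        Permission all = new AllPermission();
        System.out.printf("%-26s staticOnly=%b impliesAll=%b looksLikeSystem=%b%n",
                label, pd.staticPermissionsOnly(), pd.implies(all),
                looksLikeSystemDomain(pd));
    }

    public static void main(String[] args) {
        report("null CodeSource", nullCodeSourceDomain());
        report("CodeSource with null URL", nullUrlCodeSourceDomain());
    }
}
```

Both domains carry no permissions of their own; only the first is indistinguishable from a bootstrap domain to a check that looks at the CodeSource alone.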