Re: Logic bug in AccessController.AccHolder.innocuousAcc

[Peter Firmstone]

On 26/06/2021 1:48 pm, Peter Firmstone wrote:
The innocuous AccessControlContext, is intended to have no permission, 
hence it is constructed using the two argument ProtectionDomain 
constructor, which causes ProtectionDomain to not consult the Policy.


However, if a user obtains this ProtectionDomain and asks the Policy 
for the ProtectionDomain's permission's by calling 
Policy::getPermissions(ProtectionDomain), the Policy will return 
AllPermission.



Apologies, the Policy won't return AllPermission, my mistake.




It is generally understood that a ProtectionDomain with a null 
CodeSource is a system ProtectionDomain loaded by the bootstrap 
ClassLoader.


I propose that innocuous AccessControlContext instead be given a 
ProtectionDomain, with a non-null CodeSource, which has a null URL. 
This is also considered by the Policy to be unprivileged.



--
Regards,
 
Peter Firmstone

0498 286 363
Zeus Project Services Pty Ltd.

Logic bug in AccessController.AccHolder.innocuousAcc

[Peter Firmstone]

The innocuous AccessControlContext, is intended to have no permission, 
hence it is constructed using the two argument ProtectionDomain 
constructor, which causes ProtectionDomain to not consult the Policy.


However, if a user obtains this ProtectionDomain and asks the Policy for 
the ProtectionDomain's permission's by calling 
Policy::getPermissions(ProtectionDomain), the Policy will return 
AllPermission.


It is generally understood that a ProtectionDomain with a null 
CodeSource is a system ProtectionDomain loaded by the bootstrap ClassLoader.


I propose that innocuous AccessControlContext instead be given a 
ProtectionDomain, with a non-null CodeSource, which has a null URL. This 
is also considered by the Policy to be unprivileged.


--
Regards,
 
Peter Firmstone