commons-dev mailing list archives

From Simon Kitching <skitch...@apache.org>
Subject [all] [logging] AccessController and security
Date Thu, 20 Jul 2006 01:13:35 GMT
Hi,

While looking into the use of AccessController by commons-logging (JCL),
I think I've found a minor security issue.

There is currently code in LogFactory like:
  protected static ClassLoader getContextClassLoader() {
     return (ClassLoader) AccessController.doPrivileged() {...}
  }

In a situation where untrusted code is calling into a JCL library that
is signed and has been granted access to the context classloader,
doesn't this mean that the untrusted code can subclass LogFactory, call
the protected method, and obtain a reference to an object it may be
forbidden to access?

It would seem to me that secure data obtained via an AccessController
should never be permitted to propagate out of any non-private method.
Comments anyone?

Regards,

Simon
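
The pattern described in the message above, next to one shape that keeps the privileged value private, as an added example (not code from the original message or from commons-logging). The class names and the resource name `demo-logging.properties` are hypothetical.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

// Added illustration; every class and resource name here is hypothetical, not JCL's.
// AccessController is deprecated for removal since Java 17 but still compiles (with a warning).
public class PrivilegedLeakDemo {

    // Pattern from the message: a protected method returns the privileged result,
    // so any subclass receives the reference without its own permissions being checked.
    static class LeakyFactory {
        protected static ClassLoader getContextClassLoader() {
            return AccessController.doPrivileged(
                (PrivilegedAction<ClassLoader>) () -> Thread.currentThread().getContextClassLoader());
        }
    }

    // Stand-in for less-trusted code: subclassing alone is enough to reach the method.
    static class UntrustedSubclass extends LeakyFactory {
        static ClassLoader grab() {
            return getContextClassLoader();
        }
    }

    // Hardened shape: the privileged getter is private and the class is final,
    // so the reference never crosses a non-private method boundary.
    static final class HardenedFactory {
        private HardenedFactory() {}

        private static ClassLoader contextClassLoader() {
            return AccessController.doPrivileged(
                (PrivilegedAction<ClassLoader>) () -> Thread.currentThread().getContextClassLoader());
        }

        // Only a derived, non-sensitive answer leaves the class; the resource name is
        // fixed by the library, not supplied by the caller.
        public static boolean hasLoggingConfig() {
            ClassLoader cl = contextClassLoader();
            return cl != null && cl.getResource("demo-logging.properties") != null;
        }
    }

    public static void main(String[] args) {
        System.out.println("subclass obtained loader: " + (UntrustedSubclass.grab() != null));
        System.out.println("hardened API returns only: " + HardenedFactory.hasLoggingConfig());
    }
}
```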

