Question: Explain how a privacy leak could occur when a Java programmer defines methods for the implementation of an array.
My class and I brain stormed this idea, and came up with the following options:
Assume the array holds employee objects, with salary amount, employment date etc.
- If the array holds references to the objects in the array and not deep copies of these objects, a malicious individual have access to change the content of those objects.
- If there are over flow errors, a malicious individual would be able to perform some kind of stack (or heap?) trace to obtain information kept in those objects of the array.
However we are not sure we are on the right track and would appreciate some help.
The first answer is correct, but the second answer is incorrect. An exception won’t reveal the contents of the array to the caller, as the stack trace (and the data structure used to generate it) doesn’t include a pointer to the actual stack frames.
A third scenario assumes that the “attacker” can grab a copy of the JVM processes address space; e.g. by forcing a core dump or by reading the page file / swap area. In that scenario, it is possible to get hold of the state of any object that has not been garbage collected. One thing that the bad guys could target is the backing arrays for strings that contain passwords and other sensitive text information. This can be done in a “brute-force” fashion by searching for what looks like sequences of Unicode text characters in the language most commonly used.
@sparkle had a point. In the first answer, the leak involving arrays happens if the attacker is able to retain a reference to the array used by the container … because the container class neglected to copy it. Assuming that objects in the array are known to the attacker in the first place, it is the copying of the array itself that is critical to preventing the security breach here.
The other thing to note is that the design and implementation that “enables” the privacy leak is a bit contrived in this case.