Prev: ██▓▒░░SOFTWAREMANAGEMENT░▒░▒▓██
Next: Drug raids
From: Jackie on 10 Jun 2010 05:33
Jackie wrote:
> Well, this would be very dangerous and would allow anything to be done
> in the OS as far as permissions allow it. Even outside the sandbox.

But of course not without you letting it do that first.

--
Regards,
Jackie
From: Arne Vajhøj on 10 Jun 2010 19:11
On 10-06-2010 05:31, Jackie wrote:
> http://java.sun.com/j2se/1.4.2/docs/guide/security/permissions.html
>
> I had a look here just now to figure out exactly what a Java applet is
> allowed to do.
>
> AWTPermission > readDisplayPixels
> Screenshots to detect the analyzer.
>
> FilePermission
> Search for known "bad applications" in the file system to see if they
> are installed.
>
> RuntimePermission > setContextClassLoader
> I am not sure exactly which system they are talking about here. But if
> it is kind of the same as the SetThreadContext API on Windows, and in
> addition the code is somehow injected into the remote process (which I
> doubt), this is one way to take complete control over that process (read
> from its memory and send something back to the chess applet?).
>
> RuntimePermission > writeFileDescriptor
> "may allow malicous code to plant viruses" (and other things)
>
> RuntimePermission > loadLibrary.{library name}
> "Java security architecture is not designed to and does not prevent
> malicious behavior at the level of native code"
>
> Well, this would be very dangerous and would allow anything to be done
> in the OS as far as permissions allow it. Even outside the sandbox.

I am not quite sure that I understand your point.

Java operates with many permissions.

Some of them gives access to critical things.

So if a Java applet asks if you want to give it privs,
then you should only allow it if you are very confident
about the source of the code.

No surprise in that.

Arne

From: Jackie on 10 Jun 2010 20:33
Arne Vajh�j wrote:
> I am not quite sure that I understand your point.

Well, Mr. Ray may want to know details like these to figure out if it is
even possible for a Java applet to read memory from other processes and
how likely it is. See it for himself and think about it on his own, and
not just take whatever we say as truth. One must figure it out one way
or another, and this is one way to know if it is possible or if you can
scratch Java applets completely from the list.

--
Regards,
Jackie
 | 
Pages: 1
Prev: ██▓▒░░SOFTWAREMANAGEMENT░▒░▒▓██
Next: Drug raids