-
Bug
-
Resolution: Fixed
-
P4
-
1.2.0
-
1.2beta4
-
generic
-
solaris_2.5.1
-
Not verified
When an untrusted code creates a window, the window should have an
indication. On Solaris, the warning message is coming. But on NT,
the warning message is not coming.
This has a security implication.
Here is a way to reproduce the problem:
javac *.java
setenv CLASSPATH /usr/sqe/pkgs/sqe-tools/promoted/classes:/usr/local/java/jdk1.2/solaris/lib/classes.zip
java -Djava.app.class.path=. sun.misc.Launcher SecurityTest
import java.applet.*;
import java.awt.*;
import java.security.*;
import java.io.*;
public class AppletPolicy extends Applet {
/**
* Check whether the permission was granted or not.
*/
public void check(Graphics g, int x, int y, String msg, Permission perm) {
try {
AccessController.checkPermission(perm);
g.drawString("Access Granted for " + msg, x, y);
} catch (AccessControlException ace ) {
g.drawString("Access NOT Granted for " + msg, x, y);
}
}
public void paint(Graphics g) {
FilePermission FP = new FilePermission("/tmp/foo", "read" );
check(g, 50, 50, "/tmp/foo Read", FP);
FilePermission FP1 = new FilePermission("/tmp/foo", "write" );
check(g, 50, 100, "/tmp/foo write", FP1);
try {
Thread.sleep(2000);
} catch (Exception e) {
}
}
}
import java.awt.*;
import java.util.*;
import java.applet.*;
import java.io.*;
public class SecurityTest extends AppletPolicy{
/**
* The main program
*/
public static void main(String args[]) {
Frame f = new Frame("SecurityTest");
AppletPolicy ap = new AppletPolicy();
ap.init();
ap.start();
f.add("Center", ap);
f.setSize(400, 200);
f.show();
}
}
edward.jucevic@eng 1998-04-14
The command line for JDK-1.2beta4-A should be
java -Djava.app.class.path=. -new -usepolicy SecurityTest
edward.jucevic@eng 1998-04-14
This problem also occurs on Win 95.
I tried running the same application/applet on Solaris and it just exits on JDK-1.2beta4-A.
indication. On Solaris, the warning message is coming. But on NT,
the warning message is not coming.
This has a security implication.
Here is a way to reproduce the problem:
javac *.java
setenv CLASSPATH /usr/sqe/pkgs/sqe-tools/promoted/classes:/usr/local/java/jdk1.2/solaris/lib/classes.zip
java -Djava.app.class.path=. sun.misc.Launcher SecurityTest
import java.applet.*;
import java.awt.*;
import java.security.*;
import java.io.*;
public class AppletPolicy extends Applet {
/**
* Check whether the permission was granted or not.
*/
public void check(Graphics g, int x, int y, String msg, Permission perm) {
try {
AccessController.checkPermission(perm);
g.drawString("Access Granted for " + msg, x, y);
} catch (AccessControlException ace ) {
g.drawString("Access NOT Granted for " + msg, x, y);
}
}
public void paint(Graphics g) {
FilePermission FP = new FilePermission("/tmp/foo", "read" );
check(g, 50, 50, "/tmp/foo Read", FP);
FilePermission FP1 = new FilePermission("/tmp/foo", "write" );
check(g, 50, 100, "/tmp/foo write", FP1);
try {
Thread.sleep(2000);
} catch (Exception e) {
}
}
}
import java.awt.*;
import java.util.*;
import java.applet.*;
import java.io.*;
public class SecurityTest extends AppletPolicy{
/**
* The main program
*/
public static void main(String args[]) {
Frame f = new Frame("SecurityTest");
AppletPolicy ap = new AppletPolicy();
ap.init();
ap.start();
f.add("Center", ap);
f.setSize(400, 200);
f.show();
}
}
edward.jucevic@eng 1998-04-14
The command line for JDK-1.2beta4-A should be
java -Djava.app.class.path=. -new -usepolicy SecurityTest
edward.jucevic@eng 1998-04-14
This problem also occurs on Win 95.
I tried running the same application/applet on Solaris and it just exits on JDK-1.2beta4-A.