openjdk team mailing list archive

Bug#590632: openjdk: Allows all signed applets to access Debian account

 

Package: openjdk-6-jre
Version: 6b18-1.8-4
Severity: important
File: openjdk
Tags: upstream


First, I believe it is really wrong to grant any signed applet
AllPermission. It allows internet banks, tax authorities, photo printing
operations, etc. access to our computers.

Also, I could not find a way to regain control over which applets get
control over my Debian account.

Using
  permission java.lang.RuntimePermission "usePolicy";
in ~/.java.policy does not work.

Check this to test Java applet permissions (this is for a self-signed applet
on a site with a self-signed SSL certificate):
https://www.agol.dk/elgaard/sand/sand.html


Just because I use a netbank or the Danish digital signature does not
mean that I want to allow them to read or write any file on my user account.



-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=da_DK.UTF-8, LC_CTYPE=da_DK.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openjdk-6-jre depends on:
ii  libaccess-bridge-java-j 1.26.2-5         Java Access Bridge for GNOME (jni 
ii  libasound2              1.0.23-1         shared library for ALSA applicatio
ii  libc6                   2.11.2-2         Embedded GNU C Library: Shared lib
ii  libgif4                 4.1.6-9          library for GIF images (library)
ii  libjpeg62               6b1-1            The Independent JPEG Group's JPEG 
ii  libpng12-0              1.2.44-1         PNG library - runtime
ii  libpulse0               0.9.21-3         PulseAudio client libraries
ii  libx11-6                2:1.3.3-3        X11 client-side library
ii  libxext6                2:1.1.2-1        X11 miscellaneous extension librar
ii  libxi6                  2:1.3-4          X11 Input extension library
ii  libxrender1             1:0.9.6-1        X Rendering Extension client libra
ii  libxtst6                2:1.1.0-3        X11 Testing -- Record extension li
ii  openjdk-6-jre-headless  6b18-1.8-4       OpenJDK Java runtime, using Hotspo
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

openjdk-6-jre recommends no packages.

Versions of packages openjdk-6-jre suggests:
ii  icedtea6-plugin               6b18-1.8-4 web browser plugin based on OpenJD

-- no debconf information