[RFC][plugin]: class in CWD can block applet from loading.
Deepak Bhole
dbhole at redhat.com
Tue Apr 5 07:27:43 PDT 2011
* Denis Lila <dlila at redhat.com> [2011-03-29 14:38]:
> Hi.
>
After a fair bit of investigation on other possible solutions by Denis,
this seems to be the best way.
> + {
> + command_line = (gchar**) malloc(sizeof(gchar*)*8);
> + command_line[cmd_num++] = g_strdup(appletviewer_executable);
> + command_line[cmd_num++] = g_strdup(PLUGIN_BOOTCLASSPATH);
> + command_line[cmd_num++] = g_strdup("-classpath");
> + command_line[cmd_num++] = g_strdup("~/.icedtea");

The patch is mostly fine, but the -classpath should not be set to .icedtea.
We store a lot of things in .icedtea. It is technically possible for
a malicious applet to access items in .icedtea, which include not just
the cache, but things like the trusted certificate list.

Furthermore, ~/.icedtea exposes user.home.

I would set it to ICEDTEA_WEB_JRE/lib/rt.jar

Cheers,
Deepak

> + command_line[cmd_num++] = g_strdup("sun.applet.PluginMain");
> + command_line[cmd_num++] = g_strdup(out_pipe_name);
> + command_line[cmd_num++] = g_strdup(in_pipe_name);
> + command_line[cmd_num] = NULL;
> + }
>
> environment = plugin_filter_environment();
>
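
Review bot: the `malloc(sizeof(gchar*)*8)` at the top of this block is unchecked and sized by a bare 8 that exactly fits the seven strings plus the terminating NULL, so any argument added later writes past the end of the array. Allocating with `g_new0 (gchar *, 8)`, or deriving the size from the number of entries, removes the unchecked return and matches the `g_free(command_line)` used at cleanup. Separately, the `"~/.icedtea"` element is a plain string: unless a shell processes this array, nothing expands the tilde, and the JVM would receive a classpath entry literally named `~/.icedtea`, resolved relative to the working directory.
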
> @@ -1590,25 +1595,9 @@
>
> g_strfreev (environment);
>
> - g_free (command_line[0]);
> - command_line[0] = NULL;
> - g_free (command_line[1]);
> - command_line[1] = NULL;
> - g_free (command_line[2]);
> - command_line[2] = NULL;
> - g_free (command_line[3]);
> - command_line[3] = NULL;
> - g_free (command_line[4]);
> - command_line[4] = NULL;
> -
> - if (plugin_debug)
> - {
> - g_free (command_line[5]);
> - command_line[5] = NULL;
> - g_free (command_line[6]);
> - command_line[6] = NULL;
> - g_free (command_line[7]);
> - command_line[7] = NULL;
> + for (int i = 0; i < cmd_num; i++) {
> + g_free (command_line[i]);
> + command_line[i] = NULL;
> }
>
> g_free(command_line);
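
Review bot: the new cleanup loop is bounded by `cmd_num`, so it is only correct if every branch that builds `command_line` leaves `cmd_num` equal to the number of strings stored and nothing modifies it before this point. The array is NULL-terminated (`command_line[cmd_num] = NULL`), so `g_strfreev (command_line)`, already used for `environment` just above, could replace both the loop and the trailing `g_free(command_line)` once the array comes from a GLib allocator. If the loop stays, `for (int i = 0; ...)` requires the file to be built as C99 or C++.
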