[RFC][plugin]: class in CWD can block applet from loading.
Deepak Bhole
dbhole at redhat.com
Tue Apr 5 09:20:06 PDT 2011
* Denis Lila <dlila at redhat.com> [2011-04-05 12:01]:
> > We store a lot of things in .icedtea. It is technically possible for
> > a malicious applet to access items in .icedtea, which include not just
> > the cache, but things like the trusted certificate list.
> >
> > Furthermore, ~/.icedtea exposes user.home
>
> I see.
>
> > I would set it to ICEDTEA_WEB_JRE/lib/rt.jar
>
> The attached patch does that. It also includes the fix for javaws.
> Is it ok?
>
Yep, looks fine now. Okay for HEAD.
Deepak