[RFC][plugin]: class in CWD can block applet from loading.
Denis Lila
dlila at redhat.com
Tue Apr 5 09:24:10 PDT 2011
> Yep, looks fine now. Okay for HEAD.
Thanks for the review.
I pushed it.
Regards,
Denis.
----- Original Message -----
> * Denis Lila <dlila at redhat.com> [2011-04-05 12:01]:
> > > We store a lot of things in .icedtea. It is technically possible
> > > for
> > > a malicious applet to access items in .icedtea, which include not
> > > just
> > > cache, but things like trusted certificate list.
> > >
> > > Furthermore, ~/.icedtea exposes user.home
> >
> > I see.
> >
> > > I would set it to ICEDTEA_WEB_JRE/lib/rt.jar
> >
> > The attached patch does that. It also includes the fix for javaws.
> > Is it ok?
> >
>
>
> Deepak
More information about the distro-pkg-dev
mailing list