[icedtea-web] Idea - do not start ITW applets automatically
Adam Domurad
adomurad at redhat.com
Thu Nov 15 12:30:05 PST 2012
So in lieu of requests such as [1] and the potential for unsigned code
escaping the sandbox (e.g., the recent 0day) it could be worth looking
into a feature that has applets not start automatically, but rather
require a user confirmation (click?) to begin. Additionally a more
strict setting could not allow This could be controlled via
itweb-settings/environment and distributions might want it as the default.

There should be some way to opt in to normal execution of signed applets
based on certificate. When an applet's certificates are all opted in, it
will start automatically. (Note that we do not need to handle mixed
signed + unsigned code specially, it already requires a confirmation.)

Unsigned applets, if we choose to allow them to be opted in, can be
opted in on a full domain name basis.

The main motivation I have for proposing this feature is that many
applet users only use a handful of applets, and having other applets
automatically start is mostly an unnecessary attack surface. I have seen
"Disable java in browser, and turn it on for any applets you need to use
only" given as advice following the 0day, and this would be a superior
option.

[1] http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1211

Thoughts?
-Adam
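
Added example, not part of the original message and not IcedTea-Web code: a minimal Java sketch of the start decision the message proposes (all signer certificates opted in, or an unsigned applet's full host name opted in, otherwise click to start). The class, method names, fingerprint strings and host names are hypothetical, and the host-name normalization is an assumption.

```java
import java.util.Locale;
import java.util.Set;

// Hypothetical sketch of the proposed policy; none of these names exist in IcedTea-Web.
public class AppletStartPolicy {
    enum Decision { START_AUTOMATICALLY, REQUIRE_CONFIRMATION }

    private final Set<String> optedInCerts; // fingerprints of certificates the user opted in
    private final Set<String> optedInHosts; // full host names opted in for unsigned applets

    AppletStartPolicy(Set<String> optedInCerts, Set<String> optedInHosts) {
        this.optedInCerts = optedInCerts;
        this.optedInHosts = optedInHosts;
    }

    // signerCerts: fingerprints of every certificate that signed the applet (empty if unsigned).
    // hasUnsignedCode: true if any of the applet's code is unsigned.
    Decision decide(String host, Set<String> signerCerts, boolean hasUnsignedCode) {
        boolean signed = !signerCerts.isEmpty();
        if (signed && hasUnsignedCode) {
            return Decision.REQUIRE_CONFIRMATION; // mixed code already requires a confirmation
        }
        if (signed) {
            // All certificates must be opted in. The 'signed' guard above matters:
            // containsAll() on an empty set is true and would auto-start unsigned code.
            return optedInCerts.containsAll(signerCerts)
                    ? Decision.START_AUTOMATICALLY : Decision.REQUIRE_CONFIRMATION;
        }
        // Unsigned: exact match on the full host name, never a suffix or parent domain.
        return optedInHosts.contains(normalize(host))
                ? Decision.START_AUTOMATICALLY : Decision.REQUIRE_CONFIRMATION;
    }

    static String normalize(String host) {
        String h = host.toLowerCase(Locale.ROOT);
        return h.endsWith(".") ? h.substring(0, h.length() - 1) : h;
    }

    public static void main(String[] args) {
        // Constructed sample values, for illustration only.
        AppletStartPolicy p = new AppletStartPolicy(
                Set.of("fp-A", "fp-B"), Set.of("applets.example.org"));
        System.out.println(p.decide("other.example.net", Set.of("fp-A", "fp-B"), false)); // START_AUTOMATICALLY
        System.out.println(p.decide("other.example.net", Set.of("fp-A", "fp-C"), false)); // REQUIRE_CONFIRMATION
        System.out.println(p.decide("other.example.net", Set.of("fp-A"), true));          // REQUIRE_CONFIRMATION
        System.out.println(p.decide("Applets.Example.org.", Set.of(), true));             // START_AUTOMATICALLY
        System.out.println(p.decide("sub.applets.example.org", Set.of(), true));          // REQUIRE_CONFIRMATION
    }
}
```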