Web start sandboxing and security
Andy Lutomirski
luto at amacapital.net
Fri Oct 18 11:15:09 PDT 2013
This is an attempt to turn bug #1264
(http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1264) into a
real discussion.
When I start a Java Web Start app, I get asked "Do you want to run the
application?" It is far from obvious what that means. I
researched it a bit, and AFAICT it means: if the application is signed
(by anyone at all), then run it with full permissions; if the
application is unsigned, then run it sandboxed.
This is an awful state of affairs. For one thing, it means that I'd
rather run an unsigned app than a signed app -- just because I believe
that a certain company wrote the app does *not* mean that I want to
trust that app with full rights to my computer.
There are several improvements that could be made:
1. The dialog box could be much clearer. It could say "Do you want to
grant this application unrestricted access to your computer?" in the
signed case and "Do you want to run this application? It will not
have access to your data." in the unsigned case.
2. Even if the app is signed, there should still be a way to run it in
the sandbox. I've yet to encounter a JNLP app in the wild that has
any legitimate reason to do anything other than access the internet,
create some temporary files, and occasionally use the file picker.
Let me run it in the sandbox, please.
Every modern application deployment system (Android, the new GNOME
thing, and to a more limited extent Metro and iOS) has sensible, if
minimally configurable, sandboxing. Java has had the ability to do
this for decades. Please enable it in some sensible manner.
Thanks,
Andy
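The two policies the post contrasts, written out in Java's `java.policy` grammar, as an added illustration that is not part of the original message and not IcedTea-Web's own configuration (a Web Start client enforces its sandbox internally rather than through the user's policy file). The first grant is the "signed by anyone, so everything" rule Andy describes; the second is the least-privilege shape he asks for, limited to network access and temporary files. The alias `vendorcert` is a placeholder for a keystore alias.

```text
// Grant 1: the state of affairs the post describes.
// Any code signed by the keystore alias "vendorcert" (placeholder alias)
// gets AllPermission, i.e. the same rights as the user running the JVM.
grant signedBy "vendorcert" {
    permission java.security.AllPermission;
};

// Grant 2: a least-privilege sandbox matching what the post says a typical
// JNLP app actually needs. Applies to all code, signed or not.
grant {
    // Outbound network access to any host and port, plus DNS resolution;
    // no "listen"/"accept", so the app cannot open server sockets.
    permission java.net.SocketPermission "*", "connect,resolve";

    // Read/write/delete only beneath the JVM's temp directory.
    // ${java.io.tmpdir} is expanded by the policy parser; ${/} is the
    // platform file separator; the trailing "-" means "recursively".
    permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete";

    // A few harmless read-only properties many apps probe at startup.
    permission java.util.PropertyPermission "java.version", "read";
    permission java.util.PropertyPermission "os.name", "read";
    // Deliberately absent: FilePermission on the user's home directory,
    // RuntimePermission "exitVM", and any "setSecurityManager" right.
};
```

The file picker the post mentions is mediated through the JNLP `FileOpenService`/`FileSaveService` API rather than a policy line, so it needs no grant here.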