[rfc][icedtea-web][icedtea-web-1.5.2] allow also skip of permissions attribute check in case of disabled attributes check
Jiri Vanek
jvanek at redhat.com
Mon Nov 24 16:51:31 UTC 2014
>
> Hello,
>
>
> Ah I see now. So basically, now it does not check permissions when deployment.manifest.attributes.check=false. Before it would always check it. Interesting...
>
> Seems okay, but I feel like aazores did this for a reason...
>
>
Originally it was excluded :
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-April/027165.html
But later moved out during signed appelts support for sandbox attribute...
I hope that the reason is only one - that sanbox in attribute is forcing sandbox no metter of
outside signatures. Well by disbaling attributes check this is disabled and you can get hurt.
If this is the only issue, then I'm ok with that.
but:
http://icedtea.classpath.org/hg/icedtea-web/rev/d1584d50c1e9 says:
(checkAll): Extended Applet Security on Low disables all manifest checks
except for Permissions
Looking into http://icedtea.classpath.org/hg/icedtea-web/rev/d1584d50c1e9#l4.1
the changelog statement seems wrong to me...
so...Where is truth now?
J.
More information about the distro-pkg-dev
mailing list