Re: Security hole in default instalation parameters
Vladimir V Maslov (maslov@klgtts.kaluga.su)
Thu, 12 Nov 98 05:02:13 +0000
> check and make sure your policy file (in user.home/.java.policy) is not set
> from running the demo a previous time).
>
> ----------------- Original Bug Report-------------------
>
> id : 42487
> category : java
> subcategory : classes_security
> type : bug
> synopsis : Security hole in default instalation parameters
> description : Hello,
> I just install JDK 1.2 and run example at:E:\jdk1.2\tutorial\security1.2\tour1\step1.html
>
> I enter:
> e:\appletviewer http://java.sun.com/docs/books/tutorial/
> security1.2/tour1/example-1dot2/WriteFile.html
>
> He is WROTE to my disk!
> All computers as mine open NOW!
>
> Vladimir
> maslov@klgtts.kaluga.su
> comments : (company - , email - maslov@klgtts.kaluga.su)
> workaround :
> cust_name : Vladimir Maslov
> cust_email : maslov@klgtts.kaluga.su
> company : other
> release : 1.2RC1
> hardware : i586
> OSversion : win_nt_4.0
> status : Deleted
> delReason : User Error
> priority : 4
> sev_impact : 2
> sev_function : 2
> cust_type : R
> bugtraqID : 0
> dateCreated : 1998-11-11 03:21:00.0
> dateEvaluated : 1998-11-11 11:15:04.0
>
>
Yes I know this. Did you think that many users create .java.policy ?
I think that without .java.policy must be sandbox rules dominate.
Vladimir