Re: Frequently Asked Questions - Applet Security

Marianne Mueller (mrm@Eng)
Tue, 27 May 1997 19:05:59 -0700

Date: Tue, 27 May 1997 19:05:59 -0700
Message-Id: <199705280205.TAA12530@puffin.eng.sun.com>
From: Marianne Mueller <mrm@Eng>
To: r.nicolescu@cs.auckland.ac.nz
Subject: Re: Frequently Asked Questions - Applet Security

Hi Prof Nicolescu,

The reason why your attacks on the namespace partitioning (if I could
call it that) don't work on downloaded applets is that each downloaded
applet's namespace is controlled by its classloader. There's a
classloader for each URL. You could probably get your attack to work
by deviously changing what was stored in a CLASSPATH (the place where
the applet came from) while the applet was running on some other
client. You probably have seen this but a (somewhat dusty)
description of the applet security model is at
http://java.sun.com/sfaq/

There were some bugs in JDK 1.0.2 and JDK 1.1 where our implementation
wasn't consistent with the JLS (Java Language Spec) and those have
been fixed for our upcoming release (JDK 1.1.2). Those bugs concerned
very weird cases similar to some of the situations you describe. We
found those by doing a lot of JLS specification level testing.

I need to go over your cases carefully and make sure there isn't a bug
there that we need to fix.

One thing to keep in mind is that shipping browsers are still based on
JDK 1.0.2. We've shipped JDK 1.1, 1.1.1 and we're about to ship JDK
1.1.2. If you're interested in investigating these corner
implementation issues of JLS, be sure to get the latest JDK from
JavaSoft and use our appletviewer as a testing/diagnostic tool.

Thanks for the feedback,

Marianne
Staff Engineer, JavaSoft Security