Re: Java allows root access without permission?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Deepak Bhole wrote:
> Such a thing should/would not be allowed. Applets run as normal users
> and escalated privileges would imply a severe security violation in the
> base os itself.

I agree.

> How did you install/run the applet?

1) I visited the web page I was pointed to to set up the VPN client. 
Using Firefox 3.6.11 (64-bit) provided in Fedora 13.
2) I used my username and password to access the web site. 
Unfortunately, I cannot give my credentials to you.
3) The web site then started, automatically, to "detect" my system, 
install a Java applet, and then connected me to the VPN. It had a nice 
shiny Cisco logo at the top of the page. I was prompted if I wanted to 
run a Java applet, which I said yes. That was the only prompt I received.

The /opt/cisco/vpn/bin/vpnagentd program was installed after allowing 
the java applet to run. All of the date stamps in /opt/cisco are today's 
date. I have never installed anything cisco-related before on this machine.
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux