Re: Java allows root access without permission?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



* Michael Cronenworth <mike@xxxxxxxxxx> [2010-10-27 16:00]:
> Fedora 13 x86_64 with OpenJDK (not Sun) installed.
> 
> I was required to login to a web site today to configure a VPN and the 
> site installed a Cisco VPN Java applet. When it was finished installing 
> and was running I noticed the processes where running as root and had 
> installed into /opt. I had not given it my root password or any 
> permission to do so. It did not install any RPM package. It was all 
> driven by a Java applet.
> 
> $ ps -efw #id 502 is me
> 502       4791  2668  0 11:16 ?        00:00:19 
> /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/../../bin/java 
> sun.appl
> root      4923     1  0 11:16 ?        00:00:00 /opt/cisco/vpn/bin/vpnagentd
> 
> Is this something "allowed" by some configuration setting in OpenJDK 
> somewhere? I'd like to turn off this "feature" ASAP.
> 

Such a thing should/would not be allowed. Applets run as normal users
and escalated privileges would imply a severe security violation in the
base os itself.

How did you install/run the applet?

Deepak

> Thanks,
> Michael
> -- 
> users mailing list
> users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux