Re: Java allows root access without permission?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 10/27/2010 03:00 PM, Michael Cronenworth wrote:
> Fedora 13 x86_64 with OpenJDK (not Sun) installed.
>
> I was required to login to a web site today to configure a VPN and the 
> site installed a Cisco VPN Java applet. When it was finished installing 
> and was running I noticed the processes where running as root and had 
> installed into /opt. I had not given it my root password or any 
> permission to do so. It did not install any RPM package. It was all 
> driven by a Java applet.
>
> $ ps -efw #id 502 is me
> 502       4791  2668  0 11:16 ?        00:00:19 
> /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/../../bin/java 
> sun.appl
> root      4923     1  0 11:16 ?        00:00:00 /opt/cisco/vpn/bin/vpnagentd
>
> Is this something "allowed" by some configuration setting in OpenJDK 
> somewhere? I'd like to turn off this "feature" ASAP.
>
> Thanks,
> Michael

What are the permissions for /opt?  Are you sure that the vpnagentd wasn't installed as part of some rpm?

Kevin
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux