Re: Java allows root access without permission?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



  On 10/27/2010 02:00 PM, Michael Cronenworth wrote:
> Fedora 13 x86_64 with OpenJDK (not Sun) installed.
>
> I was required to login to a web site today to configure a VPN and the
> site installed a Cisco VPN Java applet. When it was finished installing
> and was running I noticed the processes where running as root and had
> installed into /opt. I had not given it my root password or any
> permission to do so. It did not install any RPM package. It was all
> driven by a Java applet.
>
> $ ps -efw #id 502 is me
> 502       4791  2668  0 11:16 ?        00:00:19
> /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/../../bin/java
> sun.appl
> root      4923     1  0 11:16 ?        00:00:00 /opt/cisco/vpn/bin/vpnagentd
>
> Is this something "allowed" by some configuration setting in OpenJDK
> somewhere? I'd like to turn off this "feature" ASAP.
>
> Thanks,
> Michael


The only way that could happen is if you were logged in, or otherwise 
running the browser as user root.
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux