Bug#267040: gcjwebplugin runs untrusted code without sandbox
Ben Hutchings
ben at decadent.org.uk
Mon Sep 8 22:51:55 UTC 2008
On Mon, Sep 08, 2008 at 05:02:11PM +0200, Robert Millan wrote:
> On Sun, Sep 07, 2008 at 05:39:28PM +0100, Ben Hutchings wrote:
> > gcjwebplugin is a Java plugin for web browsers. It does not include the
> > security manager which is a crucial part of the "sandboxing" of Java
> > applets. The maintainers have "fixed" this bug (#267040) merely by
> > adding a warning prompt before running applets, which is well known to
> > be an insufficient means of protecting users from malware. Please do
> > not include it in lenny. (Unfortunately it is built from the classpath
> > source package, so that will have to be modified to remove it.)
>
> How is this different from the multitude of interfaces in the system in
> which data is assumed to be trusted?
Data from the network is generally treated as untrusted; where programs
are found to be insufficiently paranoid, we treat this as a bug and
issue a security update.

In general, we require the user to make an explicit choice to download
and run code outside of a sandbox. Visiting a web site and clicking
"OK" is not such an explicit choice.
> If you want a similar example, Iceweasel will process certain websites after
> warning the user that special privileges were requested, and asking for
> confirmation.
I believe you're mistaken. But if you're right, that's also a bug.
> There's a huge amount of users who don't care about security, but do care
> a lot about certain websites working.
They can use the Sun Java plugin.

Ben.
--
Ben Hutchings
Computers are not intelligent. They only think they are.