From owner-freebsd-java Tue Apr 6 10:38:58 1999
Message-ID: <005201be8053$f71fcd50$8cbc2dc1@ibfs.com>
From: "Joachim Isaksson"
To: "Jeff Dalton" ,
References: <22035.199904061724@todday>
Subject: Re: Fwd: New Hole in Java 2 (fwd)
Date: Tue, 6 Apr 1999 19:36:12 +0200
Organization: Interbizz Financial Systems

> Is it really the case that the attacker can seize control of a Unix
> machine (such as a PC running FreeBSD) and "do whatever he wants",
> which seems to imply that he can become root? Or can he only do
> whatever he wants provided it's something "nobody" is able to do?

Being able to overwrite the stack frame will allow the attacker to
obtain the rights of the user running the virtual machine. This may
(depending on the security setup on your machine) allow the attacker
to obtain root privileges if either the user running the JVM has root
privileges or by use of other root access exploits that require the
attacker to be logged in on the machine.

/Joachim