From owner-freebsd-java Tue Apr 6 12: 9:42 1999
Delivered-To: freebsd-java@freebsd.org
Received: from ns.mt.sri.com (sri-gw.MT.net [206.127.105.141]) by hub.freebsd.org (Postfix) with ESMTP id 5DE2414E21 for ; Tue, 6 Apr 1999 12:09:40 -0700 (PDT) (envelope-from nate@mt.sri.com)
Received: from mt.sri.com (rocky.mt.sri.com [206.127.76.100]) by ns.mt.sri.com (8.8.8/8.8.8) with SMTP id NAA24174; Tue, 6 Apr 1999 13:07:42 -0600 (MDT) (envelope-from nate@rocky.mt.sri.com)
Received: by mt.sri.com (SMI-8.6/SMI-SVR4) id NAA17158; Tue, 6 Apr 1999 13:07:41 -0600
Date: Tue, 6 Apr 1999 13:07:41 -0600
Message-Id: <199904061907.NAA17158@mt.sri.com>
From: Nate Williams
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Jeff Dalton
Cc: FreeBSD-java@FreeBSD.ORG
Subject: Re: Fwd: New Hole in Java 2 (fwd)
In-Reply-To: <22035.199904061724@todday>
References: <22035.199904061724@todday>
X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid
Sender: owner-freebsd-java@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > The flaw allows an attacker to create a booby-trapped Web
> > page, so that when a victim views the page, the attacker seizes
> > control of the victim's machine and can do whatever he wants,
> > including reading and deleting files, and snooping on any data and
> > activities on the victim's machine.
>
> Is it really the case that the attacker can seize control of a Unix
> machine (such as a PC running FreeBSD) and "do whatever he wants",
> which seems to imply that he can become root? Or can he only do
> whatever he wants provided it's something "nobody" is able to do?

The attacker has the same ability as the user running the applet,
whatever it may be. This includes reading files, writing files, etc.
However, unless that user is *root*, getting root is difficult.

Basically, the account running the applet has been compromised, but the
machine has not been (yet).

Example:

    applet_main() {
        getprivs();
        append("~/.rhosts", "user@bad.domain");
        ...
    }

Nate

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-java" in the body of the message
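The impact Nate sketches (an applet running as the user appends a trust entry to that user's ~/.rhosts) is something a defender can check for. The following Python audit is an added example, not code from the original mail or from FreeBSD; the allowlist and the sample .rhosts content are constructed assumptions.

```python
# Added example, not from the original mail: audit a user's ~/.rhosts for
# entries a process running as that user could have appended. Allowlist and
# sample content below are constructed.

def parse_rhosts(text):
    """Parse .rhosts content into (host, user) pairs; '#' starts a comment."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            fields = line.split()
            entries.append((fields[0], fields[1] if len(fields) > 1 else None))
    return entries

def audit_rhosts(text, trusted_hosts):
    """Return findings as (severity, host, user, reason) tuples."""
    findings = []
    for host, user in parse_rhosts(text):
        if host.startswith("-"):
            continue  # leading '-' is a deny entry, harmless
        if host == "+" or user == "+":
            findings.append(("critical", host, user, "wildcard trusts any host or user"))
        elif host not in trusted_hosts:
            findings.append(("high", host, user, "host not in the allowlist"))
    return findings

def audit_rhosts_file(path, trusted_hosts):
    """Audit a file on disk; a missing .rhosts yields no findings."""
    try:
        with open(path, encoding="ascii", errors="replace") as fh:
            return audit_rhosts(fh.read(), trusted_hosts)
    except FileNotFoundError:
        return []

# Constructed allowlist and sample file (assumptions, not from the thread).
TRUSTED_HOSTS = {"trusted.example.org"}
SAMPLE_RHOSTS = """# entry the user added on purpose
trusted.example.org
bad.domain user       # the kind of line the applet example appends
+ +                   # wildcard: any user from any host
-evil.example.net     # deny entry, not a finding
"""

if __name__ == "__main__":
    for severity, host, user, reason in audit_rhosts(SAMPLE_RHOSTS, TRUSTED_HOSTS):
        print(f"{severity:8} {host} {user or '*'}: {reason}")
```

Run it against each home directory's .rhosts (and /etc/hosts.equiv, which uses the same format) from cron; any line outside the allowlist is worth a look, since the user account, not root, is what such an applet gets.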