SLUG Mailing List Archives
[SLUG] java security in Linux
- To: slug@xxxxxxxxxxx
- Subject: [SLUG] java security in Linux
- From: Russell Davie <rjrd@xxxxxxxxxxxxxx>
- Date: Mon, 06 Jun 2005 11:30:38 +1000
- User-agent: Debian Thunderbird 1.0 (X11/20050116)
Please give your advice on security of Java in Linux.
I have just received a email from ANZ bank (which I don't bank with, so its
likely to be phishing) that is linked to a bunch of Java scripts. This is shown
in Mozilla-Thunderbird when I move the cursor over the link.
As a user has permission to run Java, can opening this link and running the Java
script be a potential security risk?
What can be done about this to prevent this from happening if an email leaks
through the spam filters?
Java permissions on this machine:
:~$ ls -la /usr/lib/j2sdk1.5-sun/bin/java
-rwxr-xr-x 1 root root 64492 2005-04-13 20:55 /usr/lib/j2sdk1.5-sun/bin/java
Linux athlonbox 2.6.6 #1 Sun May 8 12:44:37 EST 2005 i686 GNU/Linux