SLUG Mailing List Archives
Re: [SLUG] java security in Linux
- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] java security in Linux
- From: Russell Davie <rjrd@xxxxxxxxxxxxxx>
- Date: Mon, 06 Jun 2005 15:08:33 +1000
- User-agent: Debian Thunderbird 1.0 (X11/20050116)
Marek Wawrzyczny wrote:
Hmmm, let's put it this way, should be enough. But is anyone going to
guarantee that at some point, some version of Sun's or someone else's JVM
won't have a security flaw?
Even then, on Linux, the exploit would have to run with su privileges to gain
access to any important system files... no I don't think there is anything to
fear about. Sun's and Java's reputation relies on the JVM model being secure.
Ok, point taken.
However, when logging into Commbank-Netbank, the java-vm is not running as su,
and is running with the user's name who started the browser that accessed the
web site that ran the script. Which is typically my user name.
I notice after logging out of Comm Netbank java-vm is still a process even after
closing the window (via top).
lead to an exploit?
Maybe it's set up incorrectly in my box?
To be sure, I shut down the browser, which kills the java-vm.
Is this being overly paranoid?