On Thu, 2016-02-11 at 09:42 +0000, James Hogarth wrote:
On 11 February 2016 at 06:48, Tim <ignored_mailbox(a)yahoo.com.au> wrote:
> Allegedly, on or about 10 February 2016, jd1008 sent:
> > I am sorry to burst the bubble that was perpetrated by Sun
> > Microsystems. I worked at Sun Microsystems as a contractor and talked
> > to a very senior developer at Menlo Park. I knew this developer from
> > working with him in a previous company. Under my oath never to reveal
> > his name, he clued me in that the fictitious "sandbox" was the entire
> > system.
>
> I'd go along with that, I never believed the sandbox thing. After all,
> you can upload any file of your choosing through a Java thing in a
> website, and it could save a file to anywhere you selected. That's
> hardly sandboxed.
>
> And, if you went through the Java preferences, on those browsers that
> gave you an extensive interface, you could select all sorts of breakout
> allowances, many of which were preset to allowed.
>
>
Just to bring things back to reality though. The claim was that
*javascript* could execute sudo commands and has full access to the
system (no sandbox) and that has nothing to do with java
applets/applications whatsoever.

Exactly. I regret even mentioning Java and starting this hare.
poc