Java and openjdk

Sat Aug 30 04:13:50 UTC 2008

On Friday 29 August 2008, Craig White wrote:
>On Fri, 2008-08-29 at 10:38 -0400, Gene Heskett wrote:
>> On Friday 29 August 2008, Rahul Sundaram wrote:
>> >Gene Heskett wrote:
>> >> And the simple fact that those of us who want a working java are going
>> >> to the sun site, getting the latest jre and installing it, never again
>> >> to click on an ICED TEA update in yumex.  Really, I think that says it
>> >> all. You for legal reasons are defending an emasculated version, but
>> >> the final say on what gets run is us, its our machine.  Sue us?  I
>> >> doubt it. :)
>> >
>> >It is not iced tea now. It is called OpenJDK and that is a certified
>> >Java from Sun.  I won't sue for getting the details wrong ;-)
>> >
>> >Rahul
>>
>> Oh?  From my yumex screen (F8 install)
>> java-1.7.0-icedtea
>> jave-1.7.0-icedtea-plugin
>>
>> and from an rpm -qa|grep java
>> java-1.7.0-icedtea-1.7.0.0-0.19.b21.snapshot.fc8
>> java-1.5.0-gcj-1.5.0.0-17.fc8
>> tzdata-java-2008d-1.fc8
>> glib-java-0.2.6-10.fc8
>> java_cup-0.10-0.k.6jpp.1
>> java-1.7.0-icedtea-plugin-1.7.0.0-0.19.b21.snapshot.fc8
>>
>> Humm, I may be wrong about not having icedtea
>
>----
>icedtea was F8, but not F9
>----
>
>> [root at coyote ~]# which java
>> /usr/bin/java
>> [root at coyote ~]# ls -l `which java`
>> lrwxrwxrwx 1 root root 22 2008-03-31
>> 19:34 /usr/bin/java -> /etc/alternatives/java
>> [root at coyote ~]# ls -l /etc/alternatives/java/
>> ls: cannot access /etc/alternatives/java/: Not a directory
>> [root at coyote ~]# ls -l /etc/alternatives/java
>> lrwxrwxrwx 1 root root 39 2008-03-31
>> 19:41 /etc/alternatives/java -> /usr/lib/jvm/jre-1.7.0-icedtea/bin/java
>>
>> However, from FF's about:plugins, I get this:
>> Java(TM) Plug-in 1.6.0_06-b02
>>
>>     File name: /usr/java/jre1.6.0_06/plugin/i386/ns7/libjavaplugin_oji.so
>>     Java(TM) Plug-in 1.6.0_06
>
>----
>which java command is for running java from command shell
>
>java plugin in Firefox is a separate issue...what's so difficult to
>understand about that?
>----
>
>> So, do I need to replace that link?  By installing the yumex offerings and
>> bearing in mind that I long since gave up trying to keep up with every new
>> browser version having its own plugins dir, created one & put all the
>> plugins there, and linked all the other browsername/plugins to it?
>>
>> In that case, is it safe to do so since updates are not yet flowing? 
>> Those are old packages that have been sitting there for a month or more.
>>
>> A side note, we (my local group of friends) have found a blog
>> <http://blogs.zdnet.com/security/?p=1803&tag=nl.e539> that gives a few
>> hints on finding out if we too have been infected.  According to it, no
>> systems here are.  The point being that the extreme privacy this has been
>> kept under has now been exposed, letting the horse out of the barn so to
>> speak, and this list deserves more candor from its 'parent' regarding it. 
>> We had been led to believe this was only a debian problem because of the
>> speedup shortcut in the random number section of the code supposedly only
>> they used.  If this is a different exploit, then we need to know.  We
>> aren't above pulling in the src's and building our own you know, however
>> my reading that code is not going to tell me if its safe, so I've told the
>> one in my local group who was going to do that to hold off another day or
>> so...  His exposure to an exploit is 100x that of mine, so lets see some
>> activity of some kind other than take a potato and wait.  We are beginning
>> to need a second potato to stave off the hunger here.
>
>----
>as someone who runs gui as root...you have so many issues to worry about
>I wouldn't know where to start...in fact, your assertion that someone
>else has an exposure to exploitation more than you is laughable.
>
>Craig

When I get hacked and rootkitted is the time to gloat, until then, well.. 
(this is occasionally a mixed list)

And may I complement you on your ability to change the subject when I ask a 
potentially embarrassing question?

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
That feeling just came over me.
		-- Albert DeSalvo, the "Boston Strangler"