Java allows root access without permission?

Michael Cronenworth mike at cchtml.com
Wed Oct 27 20:28:32 UTC 2010


Deepak Bhole wrote:
> Such a thing should/would not be allowed. Applets run as normal users
> and escalated privileges would imply a severe security violation in the
> base os itself.

I agree.

> How did you install/run the applet?

1) I visited the web page I was pointed to to set up the VPN client. 
Using Firefox 3.6.11 (64-bit) provided in Fedora 13.
2) I used my username and password to access the web site. 
Unfortunately, I cannot give my credentials to you.
3) The web site then started, automatically, to "detect" my system, 
install a Java applet, and then connected me to the VPN. It had a nice 
shiny Cisco logo at the top of the page. I was prompted if I wanted to 
run a Java applet, to which I said yes. That was the only prompt I received.

The /opt/cisco/vpn/bin/vpnagentd program was installed after allowing 
the Java applet to run. All of the date stamps in /opt/cisco are today's 
date. I have never installed anything Cisco-related before on this machine.

