[3408] in java-interest
Re: Viruses, Deleting Files in Java?
daemon@ATHENA.MIT.EDU (Ken Arnold - Sun Labs)
Fri Nov 10 15:18:09 1995
Date: Fri, 10 Nov 1995 10:55:02 -0500
From: arnold@cocolat.East.Sun.COM (Ken Arnold - Sun Labs)
To: java-interest@webrunner.neato.org
>I know there was some talk in the past about Java programs deleting
>files, and doing other not so nice things. I am just curious what is to
>stop a Java program from deleting all my files off my computer if one
>would be so mean? I would be browsing around the web, a java program
>would execute, wiping my harddrive out.
>
>Can Java do this? I certainly hope not, and if so when will bugs like
>this be fixed? If this is true, how can anyone browse around the web
>with Java enabled browsers?
First, let us be clear. There is the Java programming language, which
is a general-purpose programming langauge in which one can write
applications, like you can in C and C++ (only easier, and with fewer
bugs, but that's a different story). So, in principle, it is quite
possible to write an application in Java that removed all your files,
just like you can do it in C and C++. You run all sorts of C-written
applications that could remove all your files, and you are well advised
not to run Java applications without using the same caution you do with
other programs[*].
You seem to be asking if you can do that from an applet, which is
loaded down from the internet. The answer to this is "No". The
browser determines what kinds of local file access the applet has, and
this is usually restricted either to a special directory from which the
applet cannot escape, or is completely forbidden. You could write a
browser that allowed arbitrary access, but that would be stupid.
If you find any actual bugs in Java's security system, we would be
very interested in hearing about it.
Ken Arnold
[*] Currently Java's File class doesn't support a remove method, but
that is an oversight being fixed. Until then, the only way Java could
remove your files is by executing exec("rm -rf $HOME").
-
This message was sent to the java-interest mailing list
Info: send 'help' to java-interest-request@java.sun.com
