[9363] in bugtraq

Re: open socket in java

daemon@ATHENA.MIT.EDU (Toby Chamberlain)
Fri Feb 5 03:22:01 1999

Date: 	Fri, 5 Feb 1999 11:04:24 +1000
Reply-To: Toby Chamberlain <toby@PEOPLESEARCH.COM.AU>
From: Toby Chamberlain <toby@PEOPLESEARCH.COM.AU>
To: BUGTRAQ@NETSPACE.ORG

nino wrote:
<snip>
>
> The implications are obvious. If any host can connect to the machine
> running the applet, you could tell java to do things like the boserver.
> If you have a completely open socket, it's rock n' roll !
>
<snip>

I may be missing something here, but from what I understand of the bug
it _doesn't_ constitute a major security issue. All it means is that we
have an open socket to a Java APPLET - (note: *not* a Java application)
- running on the machine, and are still subject to the "sandbox"
restrictions that applets have. We can't read/write files on the local
machine or do anything that we couldn't do with an applet anyway.

Please correct me if I'm wrong, but I don't think it's anything to get
too excited about kiddies - the Java/Javascript combo that lets you
read files (posted on bugtraq a month or so ago) is much more
interesting :)

Stay cool,
Toby
