Bugtraq mailing list archives

Re: open socket in java

From: toby () PEOPLESEARCH COM AU (Toby Chamberlain)
Date: Fri, 5 Feb 1999 11:04:24 +1000


nino worte:
<snip>


The implications are obvious. If any host can connect to the machine
running the aplet, you could tell java to do things like the boserver.
If
you have a completely open socket, its rock n' roll !

<snip>

I may be missing something here, but from what I understand of the bug
it _doesn't_ constitute a major security issue. All it means is that we
have an open socket to a Java APPLET - (note: *not* a Java application)
- running on the machine, and are still subject to the "sandbox"
restrictions that applets have. We can't read/write files on the local
machine or do anything that we couldn't do with an applet anyway.

Please correct me if I'm wrong, but I don't think it's anything to get
too excited about kiddies - the Java/Javascript combo that let's you
read files (posted on bugtraq a month or so ago) is much more
interesting:)

Stay cool,
Toby

Current thread:

open socket in java nino (Feb 03)
- <Possible follow-ups>
- Re: open socket in java Aviram Jenik (Feb 04)
  - Re: open socket in java Hale (Feb 05)
  - Re: open socket in java Lincoln Stein (Feb 05)
    - Re: open socket in java Tim Wright (Feb 09)
- Re: open socket in java Toby Chamberlain (Feb 04)
- Re: open socket in java Simon Kilvington (Feb 05)
- Re: open socket in java Posick, Steve (Feb 09)
- FW: open socket in java Nin|a405 (Feb 11)
- Re: open socket in java Simon Kilvington (Feb 12)