oss-sec mailing list archives

Running Java across a privilege boundary


From: Tim Brown <tmb () 65535 com>
Date: Sat, 22 Nov 2014 17:06:02 +0000

All,

Does anyone know of any obvious cases where Java is executed across a 
privilege boundary? I'm specifically thinking of cases where it might be 
executed via sudo, via another set[ug]id binary or where it gets called from 
an untrusted working directory i.e. one not owned by the calling user? FWIW, 
I'm looking at openjdk as it is distributed by various F/OSS distros which is 
why I'm emailing this list in particular.

Tim
-- 
Tim Brown
<mailto:tmb () 65535 com>
