oss-sec mailing list archives
Running Java across a privilege boundry
From: Tim Brown <tmb () 65535 com>
Date: Sat, 22 Nov 2014 17:06:02 +0000
All, Does anyone know of any obvious cases where Java is executed across a privilege boundary? I'm specifically thinking of cases where it might be executed via sudo, via another set[ug]id binary or where it gets called from an untrusted working directory i.e. one not owned by the calling user? FWIW, I'm looking at openjdk as it is distributed by various F/OSS distros which is why I'm emailing this list in particular. Tim -- Tim Brown <mailto:tmb () 65535 com>
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- Running Java across a privilege boundry Tim Brown (Nov 22)
- Re: Running Java across a privilege boundry Russ Allbery (Nov 22)
- Re: Running Java across a privilege boundry Marc Chadwick (Nov 22)
- Re: Running Java across a privilege boundry Russ Allbery (Nov 22)
- Re: Running Java across a privilege boundry Tim Brown (Nov 22)
- Re: Running Java across a privilege boundry Solar Designer (Nov 23)
- Re: Running Java across a privilege boundry Solar Designer (Nov 25)
- Re: Running Java across a privilege boundry Solar Designer (Dec 08)
- Re: Running Java across a privilege boundry Tim Brown (Dec 18)
- Re: Running Java across a privilege boundry Jakub Wilk (Dec 18)
- Re: Running Java across a privilege boundry Martin Carpenter (Dec 18)
- Re: Running Java across a privilege boundry Marc Chadwick (Nov 22)
- Re: Running Java across a privilege boundry Russ Allbery (Nov 22)