Date: Sat, 22 Nov 2014 17:06:02 +0000 From: Tim Brown <tmb@...35.com> To: oss-security@...ts.openwall.com Subject: Running Java across a privilege boundry All, Does anyone know of any obvious cases where Java is executed across a privilege boundary? I'm specifically thinking of cases where it might be executed via sudo, via another set[ug]id binary or where it gets called from an untrusted working directory i.e. one not owned by the calling user? FWIW, I'm looking at openjdk as it is distributed by various F/OSS distros which is why I'm emailing this list in particular. Tim -- Tim Brown <mailto:tmb@...35.com> Download attachment "signature.asc " of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.