In reply to:

> Dinis Cruz dinis at ddplus.net
> Sun May 14 03:40:20 EDT 2006
> <...skipped...>
> So in an environment where you have a solid Security Policy (enforced by
> a Security Manager) but the verifier is NOT enabled, then to jump out of
> the sandbox all that you need to do is to create a Type Confusion
> exploit that allows you to access a private member that either: calls
> the protected resource directly or disables the Security Manager (which
> based on the description provided is the demo that I think Ed Felten did).
> <....skipped...>

I guess this is exactly the logic that was behind the implementation decision that, by default, code isn't verified when and only when it is granted "All Permissions", mentioned here:

http://archives.java.sun.com/cgi-bin/wa?A2=ind0107&L=java-security&P=1305

Though the post at the link above talks only about bootstrap classes, I guess this policy is now implemented across the whole JVM (obviously some digging through the Java sources would be needed to confirm this).

_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php