Marek Wawrzyczny wrote:
Hmmm, let's put it this way, should be enough. But is anyone going to
guarantee that at some point, some version of Sun's or someone else's JVM
won't have a security flaw?
Even then, on Linux, the exploit would have to run with su privileges to gain
access to any important system files... no I don't think there is anything to
fear about. Sun's and Java's reputation relies on the JVM model being secure.

Ok, point taken.
However, when logging into Commbank-Netbank, the java-vm is not running as su,
and is running with the user's name who started the browser that accessed the
web site that ran the script. Which is typically my user name.
I notice after logging out of Comm Netbank java-vm is still a process even after
closing the window (via top).
Could java-vm be inspected? i.e. by another javascript, byte by byte, which could
lead to an exploit?
Maybe it's set up incorrectly in my box?
To be sure, I shut down the browser, which kills the java-vm.
Is this being overly paranoid?
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html