On 11 February 2016 at 06:48, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote:
Allegedly, on or about 10 February 2016, jd1008 sent:
> I am sorry to burst the bubble that was perpetrated by Sun
> Microsystems. I worked at Sun Microsystems as a contractor and talked
> to a very senior developer at Menlo Park. I knew this developer from
> working with him in a previous company. Under my oath never to reveal
> his name, he clued me in that the fictitious "sandbox" was the entire
> system.
I'd go along with that, I never believed the sandbox thing. After all,
you can upload any file of your choosing through a Java thing in a
website, and it could save a file to anywhere you selected. That's
hardly sandboxed.
And, if you went through the Java preferences, on those browsers that
gave you an extensive interface. You could select all sorts of breakout
allowances, many of which were preset to allowed.
Just to bring things back to reality though. The claim was that *_javascript_* could execute sudo commands and has full access to the system (no sandbox) and that has nothing to do with java applets/applications whatsoever.
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
