On Thu, 2016-02-11 at 09:42 +0000, James Hogarth wrote: > On 11 February 2016 at 06:48, Tim <ignored_mailbox@xxxxxxxxxxxx> > wrote: > > > Allegedly, on or about 10 February 2016, jd1008 sent: > > > I am sorry to burst the bubble that was perpetrated by Sun > > > Microsystems. I worked at Sun Microsystems as a contractor and > > > talked > > > to a very senior developer at Menlo Park. I knew this developer > > > from > > > working with him in a previous company. Under my oath never to > > > reveal > > > his name, he clued me in that the fictitious "sandbox" was the > > > entire > > > system. > > > > I'd go along with that, I never believed the sandbox thing. After > > all, > > you can upload any file of your choosing through a Java thing in a > > website, and it could save a file to anywhere you selected. That's > > hardly sandboxed. > > > > And, if you went through the Java preferences, on those browsers > > that > > gave you an extensive interface. You could select all sorts of > > breakout > > allowances, many of which were preset to allowed. > > > > > Just to bring things back to reality though. The claim was that > *javascript* could execute sudo commands and has full access to the > system > (no sandbox) and that has nothing to do with java > applets/applications > whatsoever. Exactly. I regret even mentioning Java and starting this hare. poc -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
