After some mozilla dev, my path has led me to security issues. Im
running the latest .8 cvs pull_and_build, on NT
1) Im using liveconnect to call into java classes, not an applet or
plugin just plain vanilla classes. I am able to call back in forth from
JS<->Java but when my java class wants to do some file io i get my
lovely stack trace.
java.security.AccessControlException: access denied
(java.io.FilePermission c:\platform.cfg read)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:272)
at
java.security.AccessController.checkPermission(AccessController.java:399)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
at java.lang.SecurityManager.checkRead(SecurityManager.java:890)
at java.io.File.isDirectory(File.java:564)
at
sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:65)
at
sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:133)
at java.net.URL.openStream(URL.java:798)
at bcJavaSample.nbInitAlertCom(bcJavaSample.java:99)
at java.lang.reflect.Method.invoke(Native Method)
at
sun.plugin.liveconnect.PrivilegedCallMethodAction.run(SecureInvocation.java:209)
at java.security.AccessController.doPrivileged(Native Method)
at
sun.plugin.liveconnect.SecureInvocation.CallMethod(SecureInvocation.java:99)
Could someone point me into the correct direction to resolve security
issues in this domain. Im trying to reverese engineer my security
problem by granting all access with my java.policy, but it seems
liveconnect ignores it. In conjunction w/ that i started using
netscape.security.PrivilegeManager.enablePrivilege("UniversalFileRead");
in my JavaScript
but still SO stack trace. So now im at the point of looking to Object,
Script signing. Ive built the /mozilla/security area
and created a psm.exe, but when i try to access psm from
mozilla..nothing. When i try to run psm.exe it just hangs. When i try to
go to an https:// site nothing happens, i assume psm isnt up. I have
tried loading psmtest.html from the psmdata dir under mozilla/bin
and Netscape commincator tells me psm isnt loaded, but a mozilla load
doesnt say if psm is loaded or not. ahh for the love of security
ill keep hackn away and searching the news, thanks for any light on the
matter
Cheers
Jason
