This bug was reported more than six months ago, and I ran into it myself yesterday when doing a fresh ubuntu reinstall. Any chance someone can comment?
-- You received this bug notification because you are a member of OpenJDK, which is subscribed to openjdk-6 in ubuntu. https://bugs.launchpad.net/bugs/596688 Title: code from privileged sources executed with restricted permissions Status in “openjdk-6” package in Ubuntu: New Bug description: When executing a Java applet or calling Java directly from Firefox chrome:// code (e.g., Firefox extensions), the code should be granted AllPermissions. Given that chrome:// code has shell execution privileges, this is not a security hole. Permissions are handled properly by the Sun NPRuntime Java plug-in, and were handled mostly properly by the old OJI/LiveConnect plug-in. Running the following from a Firefox overlay: new java.net.URLClassLoader(java.lang.reflect.Array.newInstance(java.lang.Class.forName("java.net.URL"), 0)); produces the following error in icedtea6-plugin-6b18-1.8-0ubuntu1 java.lang.reflect.InvocationTargetException at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:532) at sun.applet.PluginAppletSecurityContext$6.run(PluginAppletSecurityContext.java:1050) at java.security.AccessController.doPrivileged(Native Method) at sun.applet.PluginAppletSecurityContext.handleMessage(PluginAppletSecurityContext.java:1047) at sun.applet.AppletSecurityContextManager.handleMessage(AppletSecurityContextManager.java:69) at sun.applet.PluginStreamHandler.handleMessage(PluginStreamHandler.java:273) at sun.applet.PluginMessageHandlerWorker.run(PluginMessageHandlerWorker.java:82) Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342) at java.security.AccessController.checkPermission(AccessController.java:553) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at net.sourceforge.jnlp.runtime.JNLPSecurityManager.checkPermission(JNLPSecurityManager.java:282) at java.lang.SecurityManager.checkCreateClassLoader(SecurityManager.java:611) at java.lang.ClassLoader.checkCreateClassLoader(ClassLoader.java:194) at java.lang.ClassLoader.<init>(ClassLoader.java:243) at java.security.SecureClassLoader.<init>(SecureClassLoader.java:94) at java.net.URLClassLoader.<init>(URLClassLoader.java:130) ... 10 more Error on Java side: LiveConnectPermissionNeeded access denied (java.lang.RuntimePermission createClassLoader) This same code executes without a hitch in the sun-java6-plugin-6 .20dlj-1ubuntu3. This is currently preventing the Zotero OpenOffice plug-in from working on a default Ubuntu installation. _______________________________________________ Mailing list: https://launchpad.net/~openjdk Post to : openjdk@lists.launchpad.net Unsubscribe : https://launchpad.net/~openjdk More help : https://help.launchpad.net/ListHelp
