On Tuesday, 30.05.2006, 17:26 -0400, Noel J. Bergman wrote:
> Serge Knystautas wrote:
>
> > Java has survived for 10+ years without such an attack.
>
> And for those 10+ years, Java security has been based upon one of two
> things: location and, more recently, signing. Most jars, e.g., Sun's jars,
> are not signed. Besides, and not atypically, JAMES does not use Java 2
> security. So the security a user has when running code is derived from
> trusting its origin. Automatic installation of code from untrusted sources
> renders such trust foolish at best.
>
> > There are just too many easier ways to hack systems.
>
> If security naive approaches such as Maven's prevail they will become
> vectors for easy attack, which is why they are being pushed to fix the
> problem. The folks on the Maven project do recognize the issue. They may
> have been naive about security, but they are smart folks.
>
> > when ant and maven and other methods of automatically downloading
> > support authentication, then great, but I see this as a bogus
> > reason to not use automatic downloads.
>
> Imagine if someone pushed to a repository a hacked version of JAF such that
> it recognized a special MIME type, and started executing instructions. Few
> would be the wiser. Are we having fun yet?
>
> Paranoia is a positive adaptive trait in a security administrator.
> Especially when you run the code as root!
>
> --- Noel

This is especially why we should test more the usage of commons daemon to
start james and drop the privileges!

bye
Norman