From: lady0065@sable.ox.ac.uk (David Hopwood)
Newsgroups: comp.lang.java
Subject: Java security bug (applets can load native methods)
Date: 3 Mar 1996 00:01:57 GMT
Organization: Oxford University, England
Message-ID: <4hanhl$4p9@news.ox.ac.uk>
Keywords: security native methods

There is a serious security bug in the class loading code for the Java
development kit and Netscape (all Java-enabled versions). If an attacker can 
arrange for two files (a "Loader" class, and a dynamic library) to be
installed in any readable directory on the client machine, he/she can bypass
all of Java's security restrictions. For example, the applet can read, 
write and execute files on the client, with the same permissions as the
user of the browser.

The only way to avoid this bug at the moment is to disable Java. In Netscape
this can be done by selecting 'Disable Java' in the 'Security preferences...'
section of the 'Options' menu.

This bug affects all Java implementations based on Sun's source code. It is
not related to Javascript.

Further details will be posted when Sun and Netscape have released patches.

David Hopwood
david.hopwood@lmh.ox.ac.uk