Fixed RH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation

author: Deepak Bhole <[email protected]> 2011-02-15 17:03:09 -0500
committer: Deepak Bhole <[email protected]> 2011-02-15 17:03:09 -0500
commit: 6491febf569a2eb3d32a96d69f839ff9a2e65c11 (patch)
tree: 5f780632397b340a264093d89259f17566c57b39 /netx
parent: e0cc53235475ba113fd9781e3951e05a0d5ae005 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
index 52db413..1822c01 100644
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
@@ -481,9 +481,15 @@ public class JNLPClassLoader extends URLClassLoader {
                         codebase = file.getResources().getMainJAR().getLocation();
                     }
 
-                    jarSecurity = new SecurityDesc(file,
+                    if (signing) {
+                        jarSecurity = new SecurityDesc(file,
                                                         SecurityDesc.ALL_PERMISSIONS,
                                                         codebase.getHost());
+                    } else {
+                        jarSecurity = new SecurityDesc(file,
+                                                        SecurityDesc.SANDBOX_PERMISSIONS,
+                                                        codebase.getHost());
+                    }
                 }
 
                 jarLocationSecurityMap.put(location, jarSecurity);
author	Deepak Bhole <[email protected]>	2011-02-15 17:03:09 -0500
committer	Deepak Bhole <[email protected]>	2011-02-15 17:03:09 -0500
commit	6491febf569a2eb3d32a96d69f839ff9a2e65c11 (patch)
tree	5f780632397b340a264093d89259f17566c57b39 /netx
parent	e0cc53235475ba113fd9781e3951e05a0d5ae005 (diff)