authorDeepak Bhole <[email protected]>2011-02-15 17:03:09 -0500
committerDeepak Bhole <[email protected]>2011-02-15 17:03:09 -0500
commit6491febf569a2eb3d32a96d69f839ff9a2e65c11 (patch)
tree5f780632397b340a264093d89259f17566c57b39
parente0cc53235475ba113fd9781e3951e05a0d5ae005 (diff)
Fixed RH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation
-rw-r--r--ChangeLog8
-rw-r--r--NEWS1
-rw-r--r--netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java8
3 files changed, 16 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 1a21151..56130c0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,14 @@
(TimedHashMap): Moved to...
* netx/net/sourceforge/jnlp/util/TimedHashMap.java: New file.
+2011-02-11 Omair Majid <[email protected]>
+
+ RH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation
+ * NEWS: Updated.
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
+ (initializeResources): Assign appropriate security descriptor based on
+ code signing.
+
2011-02-11 Deepak Bhole <[email protected]>
Fix S6983554, CVE-2010-4450: Launcher incorrect processing of empty
diff --git a/NEWS b/NEWS
index 6fbd247..60f4625 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,7 @@ CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release 1.1 (2011-XX-XX):
* Security updates
- S6983554, CVE-2010-4450: Launcher incorrect processing of empty library path entries
+ - RH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation
* NetX
- Use Firefox's proxy settings if possible
- RH669942: javaws fails to download version/packed files (missing support for jnlp.packEnabled and jnlp.versionEnabled)
diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
index 52db413..1822c01 100644
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
@@ -481,9 +481,15 @@ public class JNLPClassLoader extends URLClassLoader {
codebase = file.getResources().getMainJAR().getLocation();
}
- jarSecurity = new SecurityDesc(file,
+ if (signing) {
+ jarSecurity = new SecurityDesc(file,
SecurityDesc.ALL_PERMISSIONS,
codebase.getHost());
+ } else {
+ jarSecurity = new SecurityDesc(file,
+ SecurityDesc.SANDBOX_PERMISSIONS,
+ codebase.getHost());
+ }
}
jarLocationSecurityMap.put(location, jarSecurity);
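Review bot: The new `if (signing)` branch chooses between `SecurityDesc.ALL_PERMISSIONS` and `SecurityDesc.SANDBOX_PERMISSIONS` from a flag whose scope is not visible in this hunk, yet the result is stored per jar by `jarLocationSecurityMap.put(location, jarSecurity)`. If `signing` describes the application as a whole rather than the jar at `location`, a jar that is unsigned or signed by a different signer would presumably still be mapped to the all-permissions descriptor. I would record the invariant next to the branch, for example `// NOTE: signing is not per-jar here; confirm it is true only when every jar verified`, and check the code that sets `signing` against it. The enclosing block and the definition of `signing` both start outside the hunk, so this has to be confirmed against the full method.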