diff options
author | Omair Majid <[email protected]> | 2010-11-24 14:15:11 -0500 |
---|---|---|
committer | Omair Majid <[email protected]> | 2010-11-24 14:15:11 -0500 |
commit | 734d3800792d3b1825eb3101227eae519311871e (patch) | |
tree | 5deb277c81fd7f719ae7bee19f195455665f6c43 /plugin/icedteanp | |
parent | 5ce4fedba27f4160ed7d1979478886c6546d382c (diff) |
CVE-2010-3860 IcedTea System property information leak via public static
2010-11-24 Omair Majid <[email protected]>
* netx/net/sourceforge/jnlp/runtime/Boot.java: Remove basedir
option. Add NETX_ABOUT_FILE.
(run): Remove call to JNLPRuntime.setBaseDir.
(getAboutFile): Use the constant in this file, not JNLPRuntime.
(getBaseDir): Remove obsolete method.
* netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java: Remove
baseDir, USER, HOME_DIR, NETXRC_FILE, NETX_DIR, SECURITY_DIR,
CERTFICIATES_FILE, JAVA_HOME_DIR, NETX_ABOUT_FILE.
(initialize): Do not set baseDir.
(getBaseDir): Remove method.
(setBaseDir): Likewise.
(getDefaultBaseDir): Likewise.
(getProperties): Likewise.
* netx/net/sourceforge/jnlp/security/SecurityUtil.java
(getTrustedCertsFilename): Delegate to
KeyStores.getKeyStoreLocation.
* plugin/icedteanp/java/sun/applet/PluginAppletSecurityContext.java
(PluginAppletSecurityContext): Remove call to obsolete method.
Diffstat (limited to 'plugin/icedteanp')
-rw-r--r-- | plugin/icedteanp/java/sun/applet/PluginAppletSecurityContext.java | 5 |
1 files changed, 0 insertions, 5 deletions
diff --git a/plugin/icedteanp/java/sun/applet/PluginAppletSecurityContext.java b/plugin/icedteanp/java/sun/applet/PluginAppletSecurityContext.java index bef2bd8..eb68371 100644 --- a/plugin/icedteanp/java/sun/applet/PluginAppletSecurityContext.java +++ b/plugin/icedteanp/java/sun/applet/PluginAppletSecurityContext.java @@ -250,11 +250,6 @@ public class PluginAppletSecurityContext { public PluginAppletSecurityContext(int identifier) { this.identifier = identifier; - - // also, override the basedir, use a different one for the plugin - File f = new File(System.getProperty("user.home") + "/.icedteaplugin/"); - f.mkdir(); - JNLPRuntime.setBaseDir(f); // We need a security manager.. and since there is a good chance that // an applet will be loaded at some point, we should make it the SM |