[E-Lang] E FAQ
Marc Stiegler
marcs@skyhunter.com
Thu, 11 Oct 2001 21:28:36 -0700
> If what you say above is true, within the constrained applet environment,
> then it would constitute a grosser breakage of the applet security
> constraints than any Java has yet suffered from. While possible, I would
be
> surprised. Have you examined whether this exploit can in fact be used by
an
> applet operating under the normal applet constraints?
I am ill equipped to test this by writing a pair of applets and seeing if
they clobber each other, since the only development environment I have at
the moment is E :-) However, I just perused the Security Manager permissions
settings, and there is no obvious setting for shutting off access to the
keymap except the runtime permission accessClassInPackage.* stuff, which I
would guess is only used for custom jobs. So, if it is true that browsers
run multiple applets in the same jvm, it looks to me like this exploit would
work. But my depth of understanding of the security manager is so thin, you
could use it as a light refraction grating :-) So someone with greater
expertise really ought to assess it.
--marcs