11
2
Is it possible to "jail" Java applications?
My bank has an applet that requests "unrestricted access" to my computer. That makes me feels very uneasy.
There should be a way to tell the java runtime that my system's root directory is something like /Users/myuser/javajail , and that would be all that java could access.
Alex
Posted 2009-09-29T19:20:33.717
Reputation: 215
6
You could fake this by creating an account Jail with the minimum of rights and then running Safari with
su Jail -c /Applications/Safari.app/Contents/MacOS/Safari
When you need to access your bank.
Another option is to go to the Java Preferences and activate the Java Console. You can then poke around at what class there are and then write a policy file that jails that applet. Not sure how easy this would be. Your best bet would be to make the policy system wide in the current JVM by installing within the classpath under /Library/Java/Home
sal
Posted 2009-09-29T19:20:33.717
Reputation: 1 026
The permissions granted by the PlgIn would be in addition to that supplied by the policy file. – Tom Hawtin - tackline – 2009-10-05T06:44:00.730
You should perhaps ask your bank why they want unrestricted access to your computer. I wouldn't give that to my government (although they might take it anyway). – Tom Hawtin - tackline – 2009-10-05T06:45:58.883