Date: Tue, 21 Jul 1998 10:23:46 +0200
From: Defeng Ma <ma@inf.ethz.ch>
To: java-security@java.sun.com
Subject: a small bug in the writeFile.java
This is a multi-part message in MIME format.
--------------BDFF9AD976FB519A53732AEE
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Dear Sir and Madam,
there is a small bug in your program writeFile.java on the webpage
http://java.sun.com/security/signExample/
The dataOutputStream in this program is not closed after the program
wrote some words in the myFile (/tmp/foo or tmpfoo). Therefore, it is
no problem to test it by the first time. But if I tried with my signed
applet to run the same example again, there is a I/O error. It is same
even just I reload the same page with your examples. As I was
not good as java security concept, so I thought I must do sth. wrong
by signed the jar file. After long time, I find the reason is that
the dataOutputStream is not closed at the end of the applet. I think
most people who have less experience will have same problem as me.
In attachment, you could find the the updated version.
Thanks,
Defeng Ma
-- ==================================================================== Ma, Defeng Addresse: (Office) (Private) Institute for Information Systems Rolandstr.16 ETH Zentrum, IFW C43.2 8004 Zurich, Switzerland 8092 Zurich, Switzerland Tel. +41-1-632 7272 Tel. +41-1-291 67 41 Fax. +41-1-632 1172 e-Mail: ma@inf.ethz.ch WWW: http://www.inf.ethz.ch/personal/ma/ ==================================================================== --------------BDFF9AD976FB519A53732AEE Content-Type: text/plain; charset=us-ascii; name="writeFile.java" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="writeFile.java"/** * By default, this applet raises a security exception. * * With JDK 1.1 appletviewer, * if you configure your system to allow applets signed by "Duke" * to run on your system, then this applet can run and write a file * to your /tmp directory. (or to the file named "tmpfoo" on a * Windows system) * * @version JDK 1.1 * @author Marianne Mueller */
import java.awt.*; import java.io.*; import java.lang.*; import java.applet.*;
public class writeFile extends Applet { String myFile = "/tmp/foo"; File f = new File(myFile); DataOutputStream dos;
public void init() { String osname = System.getProperty("os.name"); if (osname.indexOf("Windows") != -1) { myFile="tmpfoo"; } }
public void paint(Graphics g) { try { dos = new DataOutputStream(new BufferedOutputStream(new FileOutputStream(myFile),128)); dos.writeChars("Cats can hypnotize you when you least expect it\n"); dos.flush(); dos.close(); g.drawString("Successfully wrote to the file named " + myFile + " -- go take a look at it!", 10, 10);
String name = System.getProperty("user.name"); g.drawString("And, successfully got user.name ..." + name, 10, 30); }
catch (SecurityException e) { g.drawString("writeFile: caught security exception", 10, 10); } catch (IOException ioe) { g.drawString("writeFile: caught i/o exception", 10, 10); } } }
--------------BDFF9AD976FB519A53732AEE--