Various compilers (C, C++, Objective-C, Java, ...)
.cvsignore | ||
gcc41-ada-pr18302.patch | ||
gcc41-ada-tweaks.patch | ||
gcc41-dsohandle.patch | ||
gcc41-gnuc-rh-release.patch | ||
gcc41-hash-style-gnu.patch | ||
gcc41-ia64-libunwind.patch | ||
gcc41-ice-hack.patch | ||
gcc41-java-libdotdotlib.patch | ||
gcc41-java-nomulti.patch | ||
gcc41-java-slow_pthread_self.patch | ||
gcc41-multi32-hack.patch | ||
gcc41-objc-rh185398.patch | ||
gcc41-ppc32-retaddr.patch | ||
gcc41-ppc64-m32-m64-multilib-only.patch | ||
gcc41-pr20297-test.patch | ||
gcc41-pr27567.patch | ||
gcc41-pr27898.patch | ||
gcc41-pr28709.patch | ||
gcc41-pr28755.patch | ||
gcc41-pr29059.patch | ||
gcc41-pr29272.patch | ||
gcc41-rh184446.patch | ||
gcc41-strncat-chk.patch | ||
gcc41-tests.patch | ||
gcc41.spec | ||
libgcc_post_upgrade.c | ||
Makefile | ||
README.libgcjwebplugin.so | ||
sources |
gcjwebplugin is a Firefox plugin for running Java applets. It is now included in the libgcj sub-package, though it is not enabled by default. GNU Classpath and libgcj's security implementation is under active development, but it is not ready to be declared secure. Specifically, it cannot run untrusted applets safely. When gcjwebplugin is enabled, it prompts you with a dialog before loading an applet. The dialog tells you that a certain URL would like to load an applet, and asks if you trust the applet. Be aware though that this dialog is mostly informative and doesn't provide much protection: - http and DNS can be spoofed meaning that the URL named in the warning dialog cannot be trusted - someone could create a browser denial-of-service attack by creating a page with hundreds of applet tags, causing gcjwebplugin to create warning dialog after warning dialog. The browser would have to be closed to eliminate the latest dialog - the whitelist is provided as a convenience, but it is unsafe because a domain may change hands from a trusted owner to an untrusted owner. If that domain is in the whitelist then the warning dialog will not appear when loading the new malicious applet. CURRENTLY GCJWEBPLUGIN RUNS WITH NO SECURITY MANAGER. THIS MEANS THAT APPLETS CAN DO ANYTHING A JAVA APPLICATION THAT YOU DOWNLOAD AND RUN COULD DO. BE *VERY* CAREFUL WHICH APPLETS YOU RUN. DO NOT USE GCJWEBPLUGIN ON YOUR SYSTEM IF YOUR SYSTEM STORES IMPORTANT DATA. THIS DATA CAN BE DESTROYED OR STOLEN. The same warning applies to gappletviewer, which also runs with no security manager (in fact, gcjwebplugin spawns gappletviewer to do the applet loading). When run on the command line, gappletviewer issues a warning on startup and asks you if you want to continue. Even considering the risks involved, you may still want to try gcjwebplugin. GNU Classpath's AWT and Swing implementations are now sufficiently mature that they're able to run many applets deployed on the web. If you're interested in trying gcjwebplugin, you can do so by creating a symbolic link in ~/.mozilla/plugins like so: ln -s /usr/lib/gcj-4.1.1/libgcjwebplugin.so ~/.mozilla/plugins/ Type about:plugins in Firefox's URL bar to confirm that the plugin has been loaded. To see gcjwebplugin debugging output, run: firefox -g then at the GDB prompt, type run Please report bugs in Red Hat Bugzilla: http://bugzilla.redhat.com