Can trusted 1.5 applets execute system commands?

If so, is there any limitation to this ability? Specifically, I need to target Mac OSX.

回答1:

I have used this before to launch things on a windows system never tried it on a Mac though.

public void launchScript(String args)
{
    String cmd = null;
    try
    {
        cmd = getParameter(PARAM_CMD);
        System.out.println("args value : = " + args);
        System.out.println("cmd value : = " + cmd);
        System.out.println("Full command:  = " + cmd + " " + args);
        if (cmd != null && !cmd.trim().equals(""))
        {
            if (args == null || args.trim().equals(""))
            {
                final String tempcmd = cmd;
                AccessController.doPrivileged(new PrivilegedAction() {
                public Object run() {
                try
                {
                    Runtime.getRuntime().exec(tempcmd);
                }
                catch (Exception e)
                {
                    System.out.println("Caught exception in privileged block, Exception:" + e.toString());
                }
                return null; // nothing to return
            }
            });                    
                System.out.println(cmd);
            }
            else
            {
                final String tempargs = args;
                final String tempcmd1 = cmd;
                AccessController.doPrivileged(new PrivilegedAction() {
                    public Object run() 
                    {
                        try
                        {
                            Runtime.getRuntime().exec(tempcmd1 + " " + tempargs);
                        }
                        catch (Exception e)
                        {
                            System.out.println("Caught exception in privileged block, Exception:" + e.toString());
                        }
                        return null; // nothing to return
                    }
                });                        
                System.out.println(cmd + " " + args);
            }
        }
        else
        {
            System.out.println("execCmd parameter is null or empty");
        }
    }
    catch (Exception e)
    {
        System.out.println("Error executing command --> " + cmd + " (" + args + ")");
        System.out.println(e);
    }
}

回答2:

As it turns out, they can.

回答3:

The only related issue I know about is that using the old "classic" PlugIn in Internet Explorer on Windows Vista, the applet was run in a "low integrity" process, which stopped it being particularly useful.

As ever, my usual advice is to know what you are doing before signing any code.