I can confirm that this had the same effect on my box:

Firefox 1.5.0.3
Java 1.5.0_06
Slackware Linux 10.2 (2.6.16 kernel)

On 5/14/06, Marc Schoenefeld <marc.schoenefeld (at) gmx (dot) org [email concealed]> wrote:
> Hi y'all,
>
> Quite a while ago I was testing with applets and found
> this by accident. It is definitely not a big issue, but worth
> to mention, as I discovered that an applet was eating up all the
> free space on the harddrive by allocating a large file in
> the users hidden temp dir (filename is something like
> +~JF57558.tmp ).
>
> Even when leaving the page the applet continues to work due
> to the broken event management between the browser
> and the JVM and after quitting the browser the temp file
> is not deleted.
> Therefore it leaves the machine in a terrible state, with
> no available space left, necessary for automatic security updates.
> And I am just transferring zero bytes but more harmful payload is
> certainly possible.
>
> Java is supposed to work similar on all platforms (write
> once, crash everywhere :-). So please tell me whether
> the following link fills up your hard disk
> (use on your own RISK, of course):
> http://www.illegalaccess.org/exploit/FullDiskApplet.html
>
> I tested with Firefox 1.5.0.3 and JDK 1.4.2_11 on a WinXP
> box and on another XP machine with IE6 , JDK 1.5.0_06.
>
> But I doubt that Sun will ever fix the bug, as they know the issue
> since 2004.
>
> Cheers
> Marc
>
>

[ reply ]