Sen descrición

Rob Austein 3c0b1a0922 Don't assume the JRE self-extracter is executable %!s(int64=5) %!d(string=hai) anos
.dockerignore 60eee0111d First public version %!s(int64=5) %!d(string=hai) anos
.gitignore 32f1a52abd Downgrade to an ancient and vulnerable version of Java. %!s(int64=5) %!d(string=hai) anos
Dockerfile 3c0b1a0922 Don't assume the JRE self-extracter is executable %!s(int64=5) %!d(string=hai) anos
Makefile 32f1a52abd Downgrade to an ancient and vulnerable version of Java. %!s(int64=5) %!d(string=hai) anos
README.md 32f1a52abd Downgrade to an ancient and vulnerable version of Java. %!s(int64=5) %!d(string=hai) anos
create.sh 32f1a52abd Downgrade to an ancient and vulnerable version of Java. %!s(int64=5) %!d(string=hai) anos
handlers.json 08b13cc74d Horrible kludge to preconfigure jnlp application %!s(int64=5) %!d(string=hai) anos
icewm.menu d0eb10aebb Working, ish %!s(int64=5) %!d(string=hai) anos
ratpoisonrc 52bd9bb98c Switch to ratpoison %!s(int64=5) %!d(string=hai) anos
run.sh 32f1a52abd Downgrade to an ancient and vulnerable version of Java. %!s(int64=5) %!d(string=hai) anos
startup.sh 08b13cc74d Horrible kludge to preconfigure jnlp application %!s(int64=5) %!d(string=hai) anos

README.md

Fireslug

Waterfox running under Xvnc inside a Docker container, a demented tool to solve a demented problem.

Occasionally one needs to run dangerous code in a web brower, eg, some dodgy Java app which is the only available interface to some critical resource. Running this in one's normal web browser is a bad idea.

So what one really wants here is a burner web browser. Here you go.

See create.sh and run.sh for ways one might use the image.

Something along the lines of the run.sh formulation might work well as the command portion of a tunneling ssh -L 5900:127.0.0.1:5900 command.

Sadly, this approach requires one to download JRE directly from Oracle, get an account, and check through a license agreement, so I can't just give it away, you'll have to download the JRE yourself.

Kate's reference on installing Java

Even with this, Java still whines a lot when dealing with the kind of crappy old IPMI consoles that require this insanity in the first place. Among other things, Java whines that the crappy Java app supplied by IPMI isn't signed properly (true), and therefore refuses to run it (why were we doing this again?). Once one gets past that, one has to argue with Waterfox a bit to get it to believe that you want to use javaws as the launcher for jnlp files.

You can bypass the Java whining by prepopulating /root/.java/deployment/security/exception.sites with a URL whitelist. The format appears to be one URL per line, no comments or other formatting. Example:

https://ipmi.foo.example.org
https://ipmi.bar.example.org

The hack for preconfiguring Waterfox's MIME handler to run /usr/bin/javaws for jnlp files is particularly disgusting, but none of the rest of this is particularly nice either. Whatever.

This version is based on Debian Buster, so that we can use PepperFlashPlayer via an APT package.