CSE394: Security Policy Frameworks
                            Scott Stoller
         Homework 4.  Version: 8 nov 2005.  Due: 22 nov 2005.

This homework is about the Java Security Architecture (see link on
cse394 announcements page under Nov 3), which we discussed in class on
3 nov and 8 nov.

Consider an applet that uses a GUI library that reads configuration
information from /home/prefs.cfg.  The security policy causes
the applet's classes to be placed in a protection domain with
permission to read and write files only in /tmp/applet/.

1. Suppose the applet's run() method calls the initialize() method of
the GUI library, which attempts to open and read prefs.cfg.  Suppose
initialize() does not perform any special security-related operations.
The access control check performed in the java.io library when
prefs.cfg is opened will fail.  Explain why.  (A few sentences is
enough.)

2. Explain how to fix this problem.  (A few sentences, or a short code
fragment, is enough.)