You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@logging.apache.org by "Sebastien Lannez (JIRA)" <ji...@apache.org> on 2018/03/01 10:33:00 UTC

[jira] [Commented] (LOG4J2-2274) Running log4j in restricted environment

    [ https://issues.apache.org/jira/browse/LOG4J2-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16381810#comment-16381810 ] 

Sebastien Lannez commented on LOG4J2-2274:
------------------------------------------

Unit test added. Verified it fails with 2.10.0 and passes with the modified EnvironmentPropertySource.

> Running log4j in restricted environment 
> ----------------------------------------
>
>                 Key: LOG4J2-2274
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-2274
>             Project: Log4j 2
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: 2.10.0
>            Reporter: Sebastien Lannez
>            Priority: Major
>             Fix For: 2.11.0
>
>         Attachments: EnvironmentPropertySource.java, TestSecManager.java
>
>
> Please find attached to this email a code change proposal for the EnvironmentPropertySource so it does not  fail when used in conjonction with highly restrictive security restriction managers.
>  
> I propose to surround with a try..catch the retrieval of environment variables so the library does not fail to initialize when it runs in the context of a security manager that always issues Exception when security rules are violated.
>  
> see attachment for proposal



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)