Posted to dev@tomcat.apache.org by bu...@apache.org on 2017/06/22 21:25:37 UTC

[Bug 61210] New: When using the Security Manager, Tomcat prints warning about a non-existent file

https://bz.apache.org/bugzilla/show_bug.cgi?id=61210

            Bug ID: 61210
           Summary: When using the Security Manager, Tomcat prints warning
                    about a non-existent file
           Product: Tomcat 8
           Version: 8.5.x-trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Util
          Assignee: dev@tomcat.apache.org
          Reporter: csutherl@redhat.com
  Target Milestone: ----

I noticed that when using the Security Manager in Tomcat you always see the
following warning messages on startup (one for every application that's
deployed):

~~~
WARNING [localhost-startStop-1]
org.apache.juli.ClassLoaderLogManager.readConfiguration Reading
/apache-tomcat-8.5.15/webapps/ROOT/WEB-INF/classes/logging.properties is not
permitted. See "per context logging" in the default catalina.policy file.
WARNING [localhost-startStop-1]
org.apache.juli.ClassLoaderLogManager.readConfiguration Reading
/apache-tomcat-8.5.15/webapps/examples/WEB-INF/classes/logging.properties is
not permitted. See "per context logging" in the default catalina.policy file.
WARNING [localhost-startStop-1]
org.apache.juli.ClassLoaderLogManager.readConfiguration Reading
/apache-tomcat-8.5.15/webapps/docs/WEB-INF/classes/logging.properties is not
permitted. See "per context logging" in the default catalina.policy file.
~~~

While the message is technically accurate (reading the file is prohibited), it
isn't pertinent to the user because the file may not (doesn't in this case)
exist in any of these three applications. Is it possible to check that the file
exists at this point so that we can only print the message when it's present?
Doing so would remove an extra warning (that may not be applicable) from the log
file and give users a clean vanilla log to start with.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210

--- Comment #5 from Coty Sutherland <cs...@redhat.com> ---
Created attachment 35077
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=35077&action=edit
First attempt

Here's my first attempt at checking whether or not the file exists before
logging. The problem with this is that the privileged block is still failing
checkPermission. I'm not quite sure how to fix it as I modeled my change after
some other doPrivileged calls in the same class. The only difference is that
I'm returning a value to check later in the readConfiguration method instead of
Void. Can anyone point me in the right direction?



[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210

Coty Sutherland <cs...@redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|Util                        |JULI



[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #11 from Mark Thomas <ma...@apache.org> ---
It has been a while so I've applied my patch for this.

Fixed in:
- trunk for 9.0.0.M27 onwards
- 8.5.x for 8.5.21 onwards
- 8.0.x for 8.0.47 onwards



[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210

--- Comment #6 from Mark Thomas <ma...@apache.org> ---
It fails because the call originates in JULI and JULI doesn't have permissions
to read the file. All the Privileged block does is stop the security manager
also checking that all of the callers up the stack also have permission to read
the file.

An alternative approach will be required.



[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210

Konstantin Kolinko <kn...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|8.5.x-trunk                 |8.5.15

--- Comment #1 from Konstantin Kolinko <kn...@gmail.com> ---
1. From your logs, you are running Tomcat 8.5.15. I am changing the Version
field to match that.

2. Generally, this is a feature.
The message text tells one to look into the catalina.policy file,
and there is a comment there that explains the issue. 

"// Note: To enable per context logging configuration" ...

https://svn.apache.org/viewvc/tomcat/tc8.5.x/tags/TOMCAT_8_5_15/conf/catalina.policy?view=markup#l93


Any ideas how to improve users' experience here?

Allowing to read some random logging.properties files is not an option,
as it is insecure.




- An idea:
Add an explanation of this issue to Documentation and change message text to
tell users to read that documentation page as well.

http://tomcat.apache.org/tomcat-8.5-doc/security-manager-howto.html



[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210

--- Comment #10 from Mark Thomas <ma...@apache.org> ---
A slightly bigger hint:

JULI cannot have any external dependencies.
The "Does this file exist?" test needs to happen in a privileged block.
That privileged block needs to be located in a class in a JAR that has full
privs (i.e. CATALINA_BASE/lib).
You need a way to call into that class from JULI.

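The arrangement outlined in comments #6 and #10, as an added Java sketch that is not the attachment or the committed patch for this bug: the restricted logging code asks a class in a fully privileged JAR, through an interface it declares itself, whether the file exists. All type and method names (LogManagerSketch, LoggingConfigProbe, PrivilegedWebappLoader) are hypothetical.

```java
import java.io.File;
import java.nio.file.Files;
import java.security.AccessController;
import java.security.PrivilegedAction;

// Added sketch with hypothetical names; not Tomcat's classes or its patch.

/** Logging-side caller: it never needs FilePermission itself. */
public class LogManagerSketch {
    static boolean shouldAttemptRead(ClassLoader loader) {
        if (loader instanceof LoggingConfigProbe) {
            return ((LoggingConfigProbe) loader).hasLoggingConfig();
        }
        return true; // unknown loader type: keep the old behaviour
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: an empty temporary classes directory.
        File dir = Files.createTempDirectory("classes").toFile();
        ClassLoader loader = new PrivilegedWebappLoader(dir);
        System.out.println(shouldAttemptRead(loader)); // no file yet
        new File(dir, "logging.properties").createNewFile();
        System.out.println(shouldAttemptRead(loader)); // file now exists
    }
}

/** Declared in the logging JAR, which has restricted permissions. */
interface LoggingConfigProbe {
    boolean hasLoggingConfig();
}

/** Packaged in a JAR that the policy grants full permissions. */
class PrivilegedWebappLoader extends ClassLoader implements LoggingConfigProbe {
    private final File classesDir;

    PrivilegedWebappLoader(File classesDir) {
        this.classesDir = classesDir;
    }

    @Override
    public boolean hasLoggingConfig() {
        // doPrivileged ends the permission check at this frame, so the
        // restricted logging code further up the stack is not consulted.
        // The path is fixed here, never caller-supplied, so the caller
        // learns one boolean and cannot probe arbitrary files.
        return AccessController.doPrivileged((PrivilegedAction<Boolean>)
                () -> new File(classesDir, "logging.properties").isFile());
    }
}
```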


[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210

--- Comment #7 from Mark Thomas <ma...@apache.org> ---
There is a way to do this.

Hint: Take a look at org.apache.juli.WebappProperties and how it is used.



[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210

--- Comment #3 from Coty Sutherland <cs...@redhat.com> ---
(In reply to Konstantin Kolinko from comment #1)
> 1. From your logs, you are running Tomcat 8.5.15. I am changing the Version
> field to match that.

I tested with 8.5.x too, apparently I copied the wrong logs.

> 2. Generally, this is a feature.
> The message text tells one to look into the catalina.policy file,
> and there is a comment there that explains the issue. 

Like I said, the message is accurate however the file that it's warning about
doesn't exist. This could cause users to see a warning in the log file that
needs to be fixed when in fact there is no problem. 
> 
> Any ideas how to improve users' experience here?
> 
> Allowing to read some random logging.properties files is not an option,
> as it is insecure.

I'm not sure what you're after here. I don't want anyone to be able to read the
file :) I want the warning message to be conditional based on whether or not
the file actually exists.



[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210

--- Comment #8 from Mark Thomas <ma...@apache.org> ---
Coty, I have a patch for this but I thought you might want to figure this out
for yourself. If you want another hint (or just want me to apply my patch), let
me know.



[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210

--- Comment #9 from Coty Sutherland <cs...@redhat.com> ---
I've been meaning to circle back to this (and a few others...) but haven't been
able to make time just yet. I do recall being a bit confused by your last hint
because I couldn't see the correlation between how WebappProperties was used
and what I should be doing. Care to drop another hint? If you want to push the
patch you have ready, you can commit it and I'll just review what you did and
maybe do something similar next time :)



[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210

--- Comment #2 from Mark Thomas <ma...@apache.org> ---
I was thinking add a privileged block that tested if the file existed and don't
trigger the warning if it doesn't. Note I haven't dug into the code to see how
easy this would be yet.



[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210

--- Comment #4 from Coty Sutherland <cs...@redhat.com> ---
(In reply to Mark Thomas from comment #2)
> I was thinking add a privileged block that tested if the file existed and
> don't trigger the warning if it doesn't. Note I haven't dug into the code to
> see how easy this would be yet.

+1, that's what I was hoping for. I haven't played much with privileged blocks,
but I can try and mock up a quick patch to do that.
