You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2008/09/04 09:34:05 UTC
DO NOT REPLY [Bug 45737] New: AcessControlException when using
security manager: juli can't read logging.properties
https://issues.apache.org/bugzilla/show_bug.cgi?id=45737
Summary: AcessControlException when using security manager: juli
can't read logging.properties
Product: Tomcat 5
Version: 5.5.26
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: rainer.jung@kippdata.de
When using the security manager with the default security policy
(catalina.policy), Tomcat 5.5.26 and 5.5.27 will throw an
AccessControlException for each loaded context during startup.
Workaround
----------
Check the contents of the files WEB-INF/lib/logging.properties for each of your
contexts. If those look safe, you can add read permission for these files to
the juli package in your security policy. See "per context logging" in
catalina.policy. Note that by CVE-2007-5342 you should make sure, that the
webapp provided logging.properties do not try to manipulate data outdise of the
context, like overwriting other contexts log files.
Fix
---
A fix has been proposed for backport from trunk. It will log the situation and
no longer throw an exception.
This issue is meant as a reference for users running into the problem. It
should be closed after the backport.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 45737] AcessControlException when using security
manager: juli can't read logging.properties
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45737
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #1 from Mark Thomas <ma...@apache.org> 2009-04-09 07:10:53 PST ---
This has been fixed in 5.5.x and will be included in 5.5.28 onwards.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org