You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2008/09/04 09:34:05 UTC

DO NOT REPLY [Bug 45737] New: AcessControlException when using security manager: juli can't read logging.properties

https://issues.apache.org/bugzilla/show_bug.cgi?id=45737

           Summary: AcessControlException when using security manager: juli
                    can't read logging.properties
           Product: Tomcat 5
           Version: 5.5.26
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: rainer.jung@kippdata.de


When using the security manager with the default security policy
(catalina.policy), Tomcat 5.5.26 and 5.5.27 will throw an
AccessControlException for each loaded context during startup.

Workaround
----------

Check the contents of the files WEB-INF/lib/logging.properties for each of your
contexts. If those look safe, you can add read permission for these files to
the juli package in your security policy. See "per context logging" in
catalina.policy. Note that by CVE-2007-5342 you should make sure, that the
webapp provided logging.properties do not try to manipulate data outdise of the
context, like overwriting other contexts log files.

Fix
---

A fix has been proposed for backport from trunk. It will log the situation and
no longer throw an exception.

This issue is meant as a reference for users running into the problem. It
should be closed after the backport.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 45737] AcessControlException when using security manager: juli can't read logging.properties

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=45737


Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




--- Comment #1 from Mark Thomas <ma...@apache.org>  2009-04-09 07:10:53 PST ---
This has been fixed in 5.5.x and will be included in 5.5.28 onwards.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org