Posted to dev@tomcat.apache.org by ma...@apache.org on 2013/11/25 11:26:26 UTC

svn commit: r1545213 - in /tomcat/trunk: java/org/apache/catalina/core/StandardHost.java webapps/docs/config/host.xml webapps/docs/security-howto.xml

Author: markt
Date: Mon Nov 25 10:26:26 2013
New Revision: 1545213

URL: http://svn.apache.org/r1545213
Log:
When running under a security manager disabled deployXML by default.

Modified:
    tomcat/trunk/java/org/apache/catalina/core/StandardHost.java
    tomcat/trunk/webapps/docs/config/host.xml
    tomcat/trunk/webapps/docs/security-howto.xml

Modified: tomcat/trunk/java/org/apache/catalina/core/StandardHost.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardHost.java?rev=1545213&r1=1545212&r2=1545213&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/StandardHost.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/StandardHost.java Mon Nov 25 10:26:26 2013
@@ -31,6 +31,7 @@ import javax.management.ObjectName;
 import org.apache.catalina.Container;
 import org.apache.catalina.Context;
 import org.apache.catalina.Engine;
+import org.apache.catalina.Globals;
 import org.apache.catalina.Host;
 import org.apache.catalina.JmxEnabled;
 import org.apache.catalina.Lifecycle;
@@ -128,7 +129,7 @@ public class StandardHost extends Contai
     /**
      * deploy Context XML config files property.
      */
-    private boolean deployXML = true;
+    private boolean deployXML = !Globals.IS_SECURITY_ENABLED;
 
 
     /**
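Review bot: The Javadoc above the deployXML field still reads "deploy Context XML config files property." and does not say that the default is now derived from Globals.IS_SECURITY_ENABLED. Suggest extending that comment to state that the default is true unless a security manager is in use, in which case it is false, so the conditional default is visible where the field is declared. Nothing in this hunk logs or otherwise reports that a packaged context file was skipped because of the new default; consider whether a message is needed where the flag is consumed.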

Modified: tomcat/trunk/webapps/docs/config/host.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/host.xml?rev=1545213&r1=1545212&r2=1545213&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/host.xml (original)
+++ tomcat/trunk/webapps/docs/config/host.xml Mon Nov 25 10:26:26 2013
@@ -242,7 +242,8 @@
         then be responsible for providing an external context configuration
         file, and putting it in the location defined by the
         <strong>xmlBase</strong> attribute. The flag's value defaults to
-        <code>true</code>.</p>
+        <code>true</code> unless a security manager is enabled when the default
+        is <code>false</code>.</p>
       </attribute>
 
       <attribute name="errorReportValveClass" required="false">
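Review bot: The sentence added at the end of the deployXML paragraph, "defaults to true unless a security manager is enabled when the default is false", is hard to parse without punctuation. Suggest "The flag's value defaults to <code>true</code>, unless a security manager is enabled, in which case the default is <code>false</code>."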

Modified: tomcat/trunk/webapps/docs/security-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/security-howto.xml?rev=1545213&r1=1545212&r2=1545213&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/security-howto.xml (original)
+++ tomcat/trunk/webapps/docs/security-howto.xml Mon Nov 25 10:26:26 2013
@@ -173,6 +173,13 @@
     manager should be introduced at the start of the development cycle as it can
     be time-consuming to track down and fix issues caused by enabling a security
     manager for a mature application.</p>
+    
+    <p>Enabling the security manager changes the defaults for the following
+    settings:</p>
+    <ul>
+      <li>The default value for the <strong>deployXML</strong> attribute of the
+      <strong>Host</strong> element is changed to <code>false</code>.</li>
+    </ul>
   </section>
 
   <section name="server.xml">
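Review bot: The first added line is whitespace-only ("+    ") and puts trailing spaces into security-howto.xml; make it an empty line. The new list item states that the deployXML default changes to false but not what that means for a web application, so a short pointer to the deployXML description in the Host documentation would help a reader who lands on this section first.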
@@ -293,9 +300,11 @@
       </p>
 
       <p>In a hosted environment where web applications may not be trusted, set
-      the <strong>deployXML</strong> attribute to <code>false</code> to ignore any
-      context.xml packaged with the web application that may try to assign
-      increased privileges to the web application. </p>
+      the <strong>deployXML</strong> attribute to <code>false</code> to ignore
+      any context.xml packaged with the web application that may try to assign
+      increased privileges to the web application. Note that if the security
+      manager is enabled that the <strong>deployXML</strong> attribute will
+      default to <code>false</code>.</p>
     </subsection>
 
     <subsection name="Context">
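Review bot: The added note has a doubled "that" ("Note that if the security manager is enabled that the deployXML attribute will default to false"); drop the second "that" and put a comma after "enabled". The first three changed lines only re-wrap existing text, which makes the real change harder to spot; keeping the original wrapping and appending the new sentence would give a smaller diff.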



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Re: svn commit: r1545213 - in /tomcat/trunk: java/org/apache/catalina/core/StandardHost.java webapps/docs/config/host.xml webapps/docs/security-howto.xml

Posted by Mark Thomas <ma...@apache.org>.
On 25/11/2013 12:07, Konstantin Kolinko wrote:
> 2013/11/25 Mark Thomas <ma...@apache.org>:
>> On 25/11/2013 11:29, Konstantin Kolinko wrote:
>>> 2013/11/25  <ma...@apache.org>:
>>>> Author: markt
>>>> Date: Mon Nov 25 10:26:26 2013
>>>> New Revision: 1545213
>>>>
>>>> URL: http://svn.apache.org/r1545213
>>>> Log:
>>>> When running under a security manager disabled deployXML by default.
>>>>
>>>
>>> +1.
>>>
>>> Note, that
>>> The manager application in its default configuration will stop working
>>>
>>> There was a thread in October,
>>> "can't connect to manager application"
>>> http://markmail.org/thread/ob3kjbnvu2usljmz
>>>
>>> I thought to add this effect to the description of "deployXML"
>>> attribute, but have not got there yet.
>>>
>>> Similarly, if someone has important bits in their META-INF/context.xml
>>> such as RemoteAddrValve and AccessLogValve, those will be ignored with
>>> this change. If those were not critical to one's web application and
>>> it starts successfully, it will lower their security,
>>
>> Ah. That isn't good. I think it will be safer to introduce this change
>> only in 8.0.x. It can be documented in the migration guide. That sort of
>> change in a point release is going to catch people out.
>>
> 
> A thought:
> A possible enhancement to the behaviour of "deployXML=false":
> 
> Do not start applications that have their own META-INF/context.xml,
> unless there is an explicit configuration for them in conf/*.
> 
> This takes care of occasionally ignoring a RemoteAddrValve and similar
> (such as the RemoteAddrValve that we may enable by default in the
> Manager webapp).

That would work. I'll take a look.

Mark




Re: svn commit: r1545213 - in /tomcat/trunk: java/org/apache/catalina/core/StandardHost.java webapps/docs/config/host.xml webapps/docs/security-howto.xml

Posted by Konstantin Kolinko <kn...@gmail.com>.
2013/11/25 Mark Thomas <ma...@apache.org>:
> On 25/11/2013 11:29, Konstantin Kolinko wrote:
>> 2013/11/25  <ma...@apache.org>:
>>> Author: markt
>>> Date: Mon Nov 25 10:26:26 2013
>>> New Revision: 1545213
>>>
>>> URL: http://svn.apache.org/r1545213
>>> Log:
>>> When running under a security manager disabled deployXML by default.
>>>
>>
>> +1.
>>
>> Note, that
>> The manager application in its default configuration will stop working
>>
>> There was a thread in October,
>> "can't connect to manager application"
>> http://markmail.org/thread/ob3kjbnvu2usljmz
>>
>> I thought to add this effect to the description of "deployXML"
>> attribute, but have not got there yet.
>>
>> Similarly, if someone has important bits in their META-INF/context.xml
>> such as RemoteAddrValve and AccessLogValve, those will be ignored with
>> this change. If those were not critical to one's web application and
>> it starts successfully, it will lower their security,
>
> Ah. That isn't good. I think it will be safer to introduce this change
> only in 8.0.x. It can be documented in the migration guide. That sort of
> change in a point release is going to catch people out.
>

A thought:
A possible enhancement to the behaviour of "deployXML=false":

Do not start applications that have their own META-INF/context.xml,
unless there is an explicit configuration for them in conf/*.

This takes care of occasionally ignoring a RemoteAddrValve and similar
(such as the RemoteAddrValve that we may enable by default in the
Manager webapp).

Best regards,
Konstantin Kolinko
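
The case raised in this thread, as an added example that is not part of any message here and is not Tomcat code: an offline audit that lists web applications whose packaged META-INF/context.xml would be ignored with deployXML=false because no explicit descriptor exists for them, together with the valves that would be lost. It assumes an appBase of `webapps` and an xmlBase of `conf/Catalina/localhost`; the function names and the sample layout are constructed for illustration.

```python
import tempfile
import xml.etree.ElementTree as ET
import zipfile
from pathlib import Path


def packaged_context(app: Path):
    """Return META-INF/context.xml bytes from an expanded directory or a WAR, else None."""
    if app.is_dir():
        f = app / "META-INF" / "context.xml"
        return f.read_bytes() if f.is_file() else None
    if app.suffix == ".war" and zipfile.is_zipfile(app):
        with zipfile.ZipFile(app) as war:
            if "META-INF/context.xml" in war.namelist():
                return war.read("META-INF/context.xml")
    return None


def audit(app_base: Path, xml_base: Path):
    """List (app, valve classes) for apps whose packaged context.xml has no override."""
    findings = {}
    for app in sorted(app_base.iterdir()):
        raw = packaged_context(app)
        name = app.stem if app.suffix == ".war" else app.name
        # Skip apps with nothing packaged, already reported (WAR plus expanded
        # directory), or covered by an explicit descriptor in xmlBase.
        if raw is None or name in findings or (xml_base / f"{name}.xml").is_file():
            continue
        findings[name] = [v.get("className", "?") for v in ET.fromstring(raw).iter("Valve")]
    return sorted(findings.items())


def build_sample(root: Path):
    """Constructed layout: 'manager' ships a valve only in its own context.xml,
    'shop' also has an explicit descriptor, 'plain' ships no context.xml."""
    app_base, xml_base = root / "webapps", root / "conf" / "Catalina" / "localhost"
    ctx = ('<Context><Valve className="org.apache.catalina.valves.RemoteAddrValve" '
           'allow="127\\.0\\.0\\.1"/></Context>')
    for name in ("manager", "shop"):
        (app_base / name / "META-INF").mkdir(parents=True)
        (app_base / name / "META-INF" / "context.xml").write_text(ctx)
    (app_base / "plain").mkdir()
    xml_base.mkdir(parents=True)
    (xml_base / "shop.xml").write_text(ctx)
    return app_base, xml_base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, valves in audit(*build_sample(Path(tmp))):
            print(f"{name}: packaged context.xml would be ignored; valves: {valves}")
```

An application reported with a non-empty valve list is one where access restrictions or access logging would be dropped without any startup failure.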



Re: svn commit: r1545213 - in /tomcat/trunk: java/org/apache/catalina/core/StandardHost.java webapps/docs/config/host.xml webapps/docs/security-howto.xml

Posted by Mark Thomas <ma...@apache.org>.
On 25/11/2013 11:29, Konstantin Kolinko wrote:
> 2013/11/25  <ma...@apache.org>:
>> Author: markt
>> Date: Mon Nov 25 10:26:26 2013
>> New Revision: 1545213
>>
>> URL: http://svn.apache.org/r1545213
>> Log:
>> When running under a security manager disabled deployXML by default.
>>
> 
> +1.
> 
> Note, that
> The manager application in its default configuration will stop working
> 
> There was a thread in October,
> "can't connect to manager application"
> http://markmail.org/thread/ob3kjbnvu2usljmz
> 
> I thought to add this effect to the description of "deployXML"
> attribute, but have not got there yet.
> 
> Similarly, if someone has important bits in their META-INF/context.xml
> such as RemoteAddrValve and AccessLogValve, those will be ignored with
> this change. If those were not critical to one's web application and
> it starts successfully, it will lower their security,

Ah. That isn't good. I think it will be safer to introduce this change
only in 8.0.x. It can be documented in the migration guide. That sort of
change in a point release is going to catch people out.

Mark


> 
> In TC7 changelog:
>> Host&apos;s <code>deloyXML</code> attribute to <code>false</code>.
> 
> s/deloy/deploy/
> 
> Best regards,
> Konstantin Kolinko
> 
>> Modified:
>>     tomcat/trunk/java/org/apache/catalina/core/StandardHost.java
>>     tomcat/trunk/webapps/docs/config/host.xml
>>     tomcat/trunk/webapps/docs/security-howto.xml
>>
> 
> 




Re: svn commit: r1545213 - in /tomcat/trunk: java/org/apache/catalina/core/StandardHost.java webapps/docs/config/host.xml webapps/docs/security-howto.xml

Posted by Konstantin Kolinko <kn...@gmail.com>.
2013/11/25  <ma...@apache.org>:
> Author: markt
> Date: Mon Nov 25 10:26:26 2013
> New Revision: 1545213
>
> URL: http://svn.apache.org/r1545213
> Log:
> When running under a security manager disabled deployXML by default.
>

+1.

Note, that
The manager application in its default configuration will stop working

There was a thread in October,
"can't connect to manager application"
http://markmail.org/thread/ob3kjbnvu2usljmz

I thought to add this effect to the description of "deployXML"
attribute, but have not got there yet.

Similarly, if someone has important bits in their META-INF/context.xml
such as RemoteAddrValve and AccessLogValve, those will be ignored with
this change. If those were not critical to one's web application and
it starts successfully, it will lower their security,

In TC7 changelog:
> Host&apos;s <code>deloyXML</code> attribute to <code>false</code>.

s/deloy/deploy/

Best regards,
Konstantin Kolinko

> Modified:
>     tomcat/trunk/java/org/apache/catalina/core/StandardHost.java
>     tomcat/trunk/webapps/docs/config/host.xml
>     tomcat/trunk/webapps/docs/security-howto.xml
>
