Bug#461355: tomcat5.5: More restrictive JULI permissions break java.util.logging.
Alexander Hvostov
alex at aoi.dyndns.org
Sun Jan 20 07:46:47 UTC 2008
On Saturday 19 January 2008, Marcus Better wrote:
> If the user creates that file then the security exception still gets
> thrown, so it would be very confusing to pretend the file doesn't
> exist. I'm not too happy about this idea.
In that case, we would need to grant FilePermission to read the
logging.properties file in the appropriate place in each Web application
directory.
To do this automatically, Tomcat would most likely have to provide a
custom java.security.Policy implementation that, in addition to granting
permissions defined by the configured security policy, also grants read
access to each webapp's own logging.properties file.
I'm afraid this is a far bigger project than I'm willing to take on, but
perhaps someone among the Apache folks will do it, so why not forward
this bug upstream?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20080119/e8265ffd/attachment.pgp
More information about the pkg-java-maintainers
mailing list