Bug#589864: tomcat5.5: Missing security policy prevents proper logging when used with Sun's JVM

Ralph Plawetzki ralph at plawetzki.net
Wed Jul 21 18:24:44 UTC 2010 

Package: tomcat5.5
Version: 5.5.26-5
Severity: grave
Justification: renders package unusable


Hello,

I am not sure if I missed something, but couldn't find a bug report for
this, although this is a known problem to the package maintainer and
also solved with tomcat6. Debian took over the fix from Ubuntu (see
Launchpad Bug #410379).

Installing tomcat5.5 in stable (stable still lacks tomcat6) comes with
the securitymanager enabled – which is good – but the policy shipped by
default prevents logging from working correctly.

In conjunction with the JVM from Sun the policy 
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
 permission java.lang.RuntimePermission "setContextClassLoader";
};

is missing and leads to many syslog entries and missing logs in
/var/log/tomcat5.5/.

Why is this small pice of code not added to a policy file yet?

Thank you.

Regards,
Ralph


-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages tomcat5.5 depends on:
ii  adduser              3.110               add and remove users and groups
ii  gij-4.3 [java2-runti 4.3.2-2             The GNU Java bytecode interpreter
ii  java-gcj-compat [jav 1.0.78-2            Java runtime environment using GIJ
ii  java-gcj-compat-head 1.0.78-2            Java runtime environment using GIJ
ii  jsvc                 1.0.2~svn20061127-9 wrapper to launch Java application
ii  libecj-java          3.3.0+0728-9        Eclipse Java compiler (library)
ii  libtomcat5.5-java    5.5.26-5            Java Servlet engine -- core librar
ii  sun-java6-jre [java2 6-20-0lenny1        Sun Java(TM) Runtime Environment (

tomcat5.5 recommends no packages.

Versions of packages tomcat5.5 suggests:
ii  gij-4.3 [java-virtual- 4.3.2-2           The GNU Java bytecode interpreter
ii  java-gcj-compat [java- 1.0.78-2          Java runtime environment using GIJ
ii  java-gcj-compat-headle 1.0.78-2          Java runtime environment using GIJ
ii  libapache2-mod-jk      1:1.2.26-2+lenny1 Apache 2 connector for the Tomcat 
ii  sun-java6-jre [java-vi 6-20-0lenny1      Sun Java(TM) Runtime Environment (
pn  tomcat5.5-admin        <none>            (no description available)
pn  tomcat5.5-webapps      <none>            (no description available)

-- no debconf information

More information about the pkg-java-maintainers mailing list