[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210 Mark Thomaschanged: What|Removed |Added Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #11 from Mark Thomas --- It has been a while so I've applied my patch for this. Fixed in: - trunk for 9.0.0.M27 onwards - 8.5.x for 8.5.21 onwards - 8.0.x for 8.0.47 onwards -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210 --- Comment #10 from Mark Thomas--- A slightly bigger hint: JULI cannot have any external dependencies. The "Does this file exist?" test needs to happen in a privileged block. That privileged block needs to be located in a class in a JAR that has full privs (i.e. CATALINA_BASE/lib). You need a way to call into a that class from JULI. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210 --- Comment #9 from Coty Sutherland--- I've been meaning to circle back to this (and a few others...) but haven't been able to make time just yet. I do recall being a bit confused by your last hint because I couldn't see the correlation between how WebappProperties was used and what I should be doing. Care to drop another hint? If you want to push the patch you have ready, you can commit it and I'll just review what you did and maybe do something similar next time :) -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210 --- Comment #8 from Mark Thomas--- Coty, I have a patch for this but I thought you might want to figure this out for yourself. If you want another hint (or just want me to apply my patch), let me know. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210 --- Comment #7 from Mark Thomas--- There is a way to do this. Hint: Take a look at org.apache.juli.WebappProperties and how it is used. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210 --- Comment #6 from Mark Thomas--- It fails because the call originates in JULI and JULI doesn't have permissions to read the file. All the Privileged block does is stop the security manager also checking that all of the callers up the stack also have permission to read the file. An alternative approach will be required. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210 --- Comment #5 from Coty Sutherland--- Created attachment 35077 --> https://bz.apache.org/bugzilla/attachment.cgi?id=35077=edit First attempt Here's my first attempt at checking whether or not the file exists before logging. The problem with this is that the privileged block is still failing checkPermission. I'm not quite sure how to fix it as I modeled my change after some other doPrivileged calls in the same class. The only difference is that I'm returning a value to check later in the readConfiguration method instead of Void. Can anyone point me in the right direction? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210 --- Comment #4 from Coty Sutherland--- (In reply to Mark Thomas from comment #2) > I was thinking add a privileged block that tested if the file existed and > don't trigger the warning if it doesn't. Note I haven't dug into the code to > see hwo easy this would be yet. +1, that's what I was hoping for. I haven't played much with privileged blocks, but I can try and mock up a quick patch to do that. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210 --- Comment #3 from Coty Sutherland--- (In reply to Konstantin Kolinko from comment #1) > 1. From your logs, you are running Tomcat 8.5.15. I am changing the Version > field to match that. I tested with 8.5.x too, apparently I copied the wrong logs. > 2. Generally, this is a feature. > The message text tells one to look into the catalina.policy file, > and there is a comment there that explains the issue. Like I said, the message is accurate however the file that it's warning about doesn't exist. This could cause users to see a warning in the log file that needs to be fixed when in fact there is no problem. > > Any ideas how to improve users' experience here? > > Allowing to read some random logging.properties files is not an option, > as it is insecure. I'm not sure what you're after here. I don't want anyone to be able to read the file :) I want the warning message to be conditional based on whether or not the file actually exists. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210 --- Comment #2 from Mark Thomas--- I was thinking add a privileged block that tested if the file existed and don't trigger the warning if it doesn't. Note I haven't dug into the code to see hwo easy this would be yet. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210 Konstantin Kolinkochanged: What|Removed |Added Version|8.5.x-trunk |8.5.15 --- Comment #1 from Konstantin Kolinko --- 1. From your logs, you are running Tomcat 8.5.15. I am changing the Version field to match that. 2. Generally, this is a feature. The message text tells one to look into the catalina.policy file, and there is a comment there that explains the issue. "// Note: To enable per context logging configuration" ... https://svn.apache.org/viewvc/tomcat/tc8.5.x/tags/TOMCAT_8_5_15/conf/catalina.policy?view=markup#l93 Any ideas how to improve users' experience here? Allowing to read some random logging.properties files is not an option, as it is insecure. - An idea: Add an explanation of this issue to Documentation and change message text to tell users to read that documentation page as well. http://tomcat.apache.org/tomcat-8.5-doc/security-manager-howto.html -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file
https://bz.apache.org/bugzilla/show_bug.cgi?id=61210 Coty Sutherlandchanged: What|Removed |Added Component|Util|JULI -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org