I must have broken something in my 4.1.10 build, because I was able to use symlinks without a problem.

Turner, John wrote:

>Not sure, I haven't jumped to 4.1.10+ yet except for miscellaneous testing.
>
>The symlink issue was discussed in a fair amount of detail within the last
>week on this list, as it apparently caught some people by surprise (those
>who needed symlinks ended up with broken apps when moving to 4.1.10).
>Apparently 4.1.11 (and I assume 4.1.12) have the ability to turn this on and
>off, while 4.1.10 just has them off, period.
>
>http://marc.theaimsgroup.com/?l=tomcat-user&m=103239739330385&w=2
>
>John
>
>>-----Original Message-----
>>From: Denny Chambers [mailto:[EMAIL PROTECTED]]
>>Sent: Thursday, September 26, 2002 12:40 PM
>>To: Tomcat Users List
>>Subject: Re: Symlinks
>>
>>Where is this turned off at? The server I tested against was 4.1.10, but
>>I did change the server.xml file, so if it is in there I guess I could
>>have messed it up. Also, I did not start the server with a -security
>>option, does that matter?
>>
>>Thanks,
>>Denny
>>
>>Turner, John wrote:
>>
>>>Symlinks are off by default in 4.1.10 and higher. Check the online release
>>>notes for more information.
>>>
>>>John
>>>
>>>>-----Original Message-----
>>>>From: Denny Chambers [mailto:[EMAIL PROTECTED]]
>>>>Sent: Thursday, September 26, 2002 12:30 PM
>>>>To: Tomcat Users List
>>>>Subject: Symlinks
>>>>
>>>>Hi All,
>>>>
>>>>Is there any way to tell Tomcat to not follow symlinks? If not, how
>>>>can I protect my server against malicious symlinks? Is the
>>>>java.io.FilePermissions smart enough to figure these out?
>>>>
>>>>For example if I give read access only to directory "foo" through the
>>>>java.io.FilePermissions, but inside of "foo", there is a symlink that
>>>>points to a file "bar", which really exists outside of the directory
>>>>"foo". Is the Security Manager smart enough to catch this?
>>>>
>>>>I have also found that while I can't see a WEB-INF directory from the
>>>>browser using a URL like so:
>>>>
>>>>    http://myserver:8080/myapp/WEB-INF/,
>>>>
>>>>I can create a symlink in $CATALINA_HOME/webapp/myapp/ which points to a
>>>>WEB-INF directory, then I can see that directory as plain as day. How
>>>>can you protect your server from these sort of things?
>>>>
>>>>Thanks,
>>>>Denny

--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
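
Added example, not part of the thread and not Tomcat's own code: one way to audit a webapp directory for the two cases raised in the original question, a link that resolves outside the application root and a link that exposes WEB-INF under another name. The class `SymlinkAudit`, the method `suspiciousLinks` and the sample tree are assumptions constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.*;
import java.util.stream.Stream;

public class SymlinkAudit {

    /** Links under root that resolve outside root, into WEB-INF, or nowhere. */
    static List<Path> suspiciousLinks(Path root) throws IOException {
        Path realRoot = root.toRealPath();          // resolve links in the root path itself
        Path webInf = realRoot.resolve("WEB-INF");
        List<Path> findings = new ArrayList<>();
        try (Stream<Path> walk = Files.walk(realRoot)) {  // walk does not follow links
            for (Iterator<Path> it = walk.iterator(); it.hasNext(); ) {
                Path link = it.next();
                if (!Files.isSymbolicLink(link)) continue;
                try {
                    Path target = link.toRealPath();      // follows the full link chain
                    boolean escapes = !target.startsWith(realRoot);
                    boolean exposesWebInf = !link.startsWith(webInf) && target.startsWith(webInf);
                    if (escapes || exposesWebInf) findings.add(link);
                } catch (IOException e) {
                    findings.add(link);                   // dangling or unreadable: flag for review
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample tree (hypothetical names), built in a temp directory.
        Path tmp = Files.createTempDirectory("symlink-audit");
        Path app = Files.createDirectories(tmp.resolve("webapps/myapp"));
        Path webInf = Files.createDirectories(app.resolve("WEB-INF"));
        Path foo = Files.createDirectories(app.resolve("foo"));
        Path bar = Files.write(tmp.resolve("bar"), "outside the webapp".getBytes());
        Path index = Files.write(app.resolve("index.html"), "ok".getBytes());
        Files.createSymbolicLink(foo.resolve("bar"), bar);          // leaves the root: flagged
        Files.createSymbolicLink(app.resolve("conf"), webInf);      // exposes WEB-INF: flagged
        Files.createSymbolicLink(foo.resolve("home"), index);       // stays inside: not flagged
        for (Path link : suspiciousLinks(app)) {
            System.out.println(link + " -> " + Files.readSymbolicLink(link));
        }
    }
}
```

The comparison uses `Path.startsWith`, which matches whole path components, so a sibling directory whose name merely begins with the root's name is not mistaken for being inside it.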