Issue Type: Improvement
Assignee: Logback dev list
Components: logback-classic
Created: 17/Apr/13 9:18 AM

Description:
Any code that can import org.slf4j.LoggerFactory or cast org.slf4j.Logger to the LOGBack Classic implementation ch.qos.logback.classic.Logger can alter the logging configuration by starting/stopping the LoggerContext, adding Listeners, adding/removing Appenders to Loggers, starting/stopping filters, etc. In an environment where untrusted code is being executed, such as user-defined scripts, this possibility introduces a certain security risk as the logging configuration can be altered by anyone.
Example:
{code}
import ch.qos.logback.classic.Logger;
import ch.qos.logback.classic.LoggerContext;
import org.slf4j.LoggerFactory;

// Downcast the SLF4J factory to the logback implementation; nothing guards this step.
LoggerContext loggerContext = (LoggerContext) LoggerFactory.getILoggerFactory();
Logger rootLogger = loggerContext.getLogger(Logger.ROOT_LOGGER_NAME);
// Silence all configured output, then redirect it to an appender of the caller's choosing.
rootLogger.detachAndStopAllAppenders();
rootLogger.addAppender(myAppender); // myAppender: any Appender<ILoggingEvent> the caller constructs
{code}
This could be prevented by checking in security-sensitive methods of LoggerContext and Logger if the caller has a certain permission, e.g. a LoggingPermission with the required action (only if System.getSecurityManager() != null).
JUL has such a permission (java.util.logging.LoggingPermission) supporting currently only one action called "control". This JUL permission could be used as a template for designing a LOGBack specific one.
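As an added illustration (not logback code and not the reporter's), here is a sketch of the permission check the description proposes: a hypothetical {{LogbackPermission}} modelled on {{java.util.logging.LoggingPermission}}, plus a guard that configuration-altering methods such as {{detachAndStopAllAppenders()}} or {{LoggerContext.stop()}} would call first. The class name, the {{checkControl()}} helper and the action string "control" are assumptions chosen to mirror JUL; logback itself has no such class.

```java
import java.security.BasicPermission;
import java.security.Permission;

// Hypothetical permission class modelled on java.util.logging.LoggingPermission.
// As in JUL, it is a BasicPermission whose name is the single action "control"
// and whose actions string must be empty. Illustrative code, not part of logback.
public final class LogbackPermission extends BasicPermission {
    private static final long serialVersionUID = 1L;

    public LogbackPermission(String name, String actions) {
        super(name);
        if (!"control".equals(name)) {
            throw new IllegalArgumentException("name: " + name);
        }
        if (actions != null && !actions.isEmpty()) {
            throw new IllegalArgumentException("actions: " + actions);
        }
    }

    // Single shared instance, the same pattern JUL uses for its control permission.
    private static final Permission CONTROL = new LogbackPermission("control", null);

    // Guard to be called at the top of every configuration-altering method
    // (LoggerContext.start()/stop(), Logger.addAppender(...),
    // Logger.detachAndStopAllAppenders(), filter start/stop, listener registration).
    // With no SecurityManager installed it is a no-op, so today's behaviour is preserved.
    public static void checkControl() {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(CONTROL); // throws AccessControlException when denied
        }
    }

    // Sketch of a guarded method (logback's real method carries no such check):
    //
    //   public void detachAndStopAllAppenders() {
    //       LogbackPermission.checkControl();
    //       ... existing body ...
    //   }
}
```

Under a security manager, the policy file would grant {{permission <package>.LogbackPermission "control";}} only to the trusted code base, and user-defined scripts loaded without that grant would fail the check. Two points to keep in mind when designing it: the check must live inside the logback method, not in callers, and because {{SecurityManager}} walks the entire call stack, any legitimate reconfiguration that logback performs on behalf of untrusted code would need an {{AccessController.doPrivileged}} wrapper. Note also that {{SecurityManager}} has been deprecated for removal since Java 17 (JEP 411), so this model only applies on runtimes that still support it.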

Project: logback
Priority: Major
Reporter: Christian Brensing

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
logback-dev mailing list
[email protected]
http://mailman.qos.ch/mailman/listinfo/logback-dev