Your message dated Thu, 26 Jul 2012 19:22:24 -0430
with message-id <20120726235224.ga18...@valeria.miguel.cc>
and subject line Re: Syntax error in catalina.sh -security: 
java.security.policy==
has caused the Debian Bug report #681971,
regarding Syntax error in catalina.sh -security: java.security.policy==
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
681971: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681971
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: tomcat6-common
Version: 6.0.35-1
Severity: grave
Tags: security

/usr/share/tomcat6/bin/catalina.sh line 276 reads

        -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \

The double = looks like a mistake. When running with -security, the
policy will not get loaded.

Admittedly, I haven't tested it here, but I figured I should still
file a bug because this just looks too obvious. If the second = is on
purpose there, some comment should document that.

Affected are both squeeze and unstable/testing.

Christoph
-- 
c...@df7cb.de | http://www.df7cb.de/

Attachment: signature.asc
Description: Digital signature


--- End Message ---
--- Begin Message ---
On Wed, Jul 18, 2012 at 11:34:24AM +0200, Christoph Berg wrote:
> /usr/share/tomcat6/bin/catalina.sh line 276 reads
> 
>         -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \
> 
> The double = looks like a mistake. When running with -security, the
> policy will not get loaded.
> 
> Admittedly, I haven't tested it here, but I figured I should still
> file a bug because this just looks too obvious. If the second = is on
> purpose there, some comment should document that.

Hi Christoph,

This doesn't look like a mistake to me.

In the documentation about Policy Files[1], at the subsection
"Specifying an Additional Policy File at Runtime" this setting is
described.


"If you use

    java -Djava.security.manager -Djava.security.policy==someURL SomeApp
(note the double equals) then just the specified policy file will be used; all 
the ones indicated in the security properties file will be ignored."


Cheers,


1. 
http://docs.oracle.com/javase/6/docs/technotes/guides/security/PolicyFiles.html

-- 
Miguel Landaeta, miguel at miguel.cc
secure email with PGP 0x6E608B637D8967E9 available at http://keyserver.pgp.com/
"Faith means not wanting to know what is true." -- Nietzsche

Attachment: signature.asc
Description: Digital signature


--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to