subject:"cvs commit\: jakarta\-tomcat\-4.0\/catalina\/src\/conf catalina.policy"

Re: cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

2002-10-01 Thread Jean-Francois Arcand


Hi Glenn,

your last addition seems, IMO, to open a security isssue with classes 
located under the o.a.c.util directory. Actually, maybe not for Tomcat 
4.1, but for 5.0, I have created a class called SecurityAudit.java that 
contains some security check. If we port your latest changes, this class 
will be exposed to malicious uses. Also, Is there a reason why we are 
giving the 

defineClassInPackage?


I think two solutions are available (1) move sensitive classes to 
another package (2) create a public package where we want to give 
access to some internal class.

What is your recommendation?

Thanks,

-- Jeanfrancois



[EMAIL PROTECTED] wrote:

glenn   2002/09/30 12:59:47

  Modified:catalina/src/conf catalina.policy
  Log:
  Allow defineClassInPackage for util due to Request Parametermap needs
  
  Revision  ChangesPath
  1.28  +3 -1  jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
  
  Index: catalina.policy
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/catalina.policy,v
  retrieving revision 1.27
  retrieving revision 1.28
  diff -u -r1.27 -r1.28
  --- catalina.policy  8 Sep 2002 18:04:02 -   1.27
  +++ catalina.policy  30 Sep 2002 19:59:47 -  1.28
  @@ -121,6 +121,8 @@
 // Required for sevlets and JSP's
 permission java.lang.RuntimePermission 
accessClassInPackage.org.apache.catalina.util;  
 permission java.lang.RuntimePermission 
accessClassInPackage.org.apache.catalina.util.*;
  +  permission java.lang.RuntimePermission 
defineClassInPackage.org.apache.catalina.util;
  +  permission java.lang.RuntimePermission 
defineClassInPackage.org.apache.catalina.util.*;
   
 // Required for running servlets generated by JSPC
 permission java.lang.RuntimePermission 
accessClassInPackage.org.apache.jasper.runtime;
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]


  



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

2002-10-01 Thread Glenn Nielsen


Right, there are no security sensitive classes in Tomcat 4 o.a.c.util.

I advocated at one time identifying which packages within o.a.c contain
security sensitive code and which don't.  And documenting this so that
a security sensitive class doesn't get added to a package considered public.

For starters, o.a.c.util could be identified as a package where no
security sensitive classes can be located.

And with JSR 115 incorporating JAAS into J2EE, perhaps it would be best
to have a o.a.c.security package.

Regards,

Glenn

Jean-Francois Arcand wrote:
 Hi Glenn,
 
 your last addition seems, IMO, to open a security isssue with classes 
 located under the o.a.c.util directory. Actually, maybe not for Tomcat 
 4.1, but for 5.0, I have created a class called SecurityAudit.java that 
 contains some security check. If we port your latest changes, this class 
 will be exposed to malicious uses. Also, Is there a reason why we are 
 giving the 
 
 defineClassInPackage?
 
 
 I think two solutions are available (1) move sensitive classes to 
 another package (2) create a public package where we want to give 
 access to some internal class.
 
 What is your recommendation?
 
 Thanks,
 
 -- Jeanfrancois
 
 
 
 [EMAIL PROTECTED] wrote:
 
 glenn   2002/09/30 12:59:47

  Modified:catalina/src/conf catalina.policy
  Log:
  Allow defineClassInPackage for util due to Request Parametermap needs
  
  Revision  ChangesPath
  1.28  +3 -1  
 jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
  
  Index: catalina.policy
  ===
  RCS file: 
 /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/catalina.policy,v
  retrieving revision 1.27
  retrieving revision 1.28
  diff -u -r1.27 -r1.28
  --- catalina.policy8 Sep 2002 18:04:02 -1.27
  +++ catalina.policy30 Sep 2002 19:59:47 -1.28
  @@ -121,6 +121,8 @@
 // Required for sevlets and JSP's
 permission java.lang.RuntimePermission 
 accessClassInPackage.org.apache.catalina.util;  permission 
 java.lang.RuntimePermission 
 accessClassInPackage.org.apache.catalina.util.*;
  +  permission java.lang.RuntimePermission 
 defineClassInPackage.org.apache.catalina.util;
  +  permission java.lang.RuntimePermission 
 defineClassInPackage.org.apache.catalina.util.*;
   // Required for running servlets generated by JSPC
 permission java.lang.RuntimePermission 
 accessClassInPackage.org.apache.jasper.runtime;
  
  
  

 -- 
 To unsubscribe, e-mail:   
 mailto:[EMAIL PROTECTED]
 For additional commands, e-mail: 
 mailto:[EMAIL PROTECTED]


  

 
 
 -- 
 To unsubscribe, e-mail:   
 mailto:[EMAIL PROTECTED]
 For additional commands, e-mail: 
 mailto:[EMAIL PROTECTED]


-- 
--
Glenn Nielsen [EMAIL PROTECTED] | /* Spelin donut madder|
MOREnet System Programming   |  * if iz ina coment.  |
Missouri Research and Education Network  |  */   |
--


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

2002-09-30 Thread glenn


glenn   2002/09/30 12:59:47

  Modified:catalina/src/conf catalina.policy
  Log:
  Allow defineClassInPackage for util due to Request Parametermap needs
  
  Revision  ChangesPath
  1.28  +3 -1  jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
  
  Index: catalina.policy
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/catalina.policy,v
  retrieving revision 1.27
  retrieving revision 1.28
  diff -u -r1.27 -r1.28
  --- catalina.policy   8 Sep 2002 18:04:02 -   1.27
  +++ catalina.policy   30 Sep 2002 19:59:47 -  1.28
  @@ -121,6 +121,8 @@
 // Required for sevlets and JSP's
 permission java.lang.RuntimePermission 
accessClassInPackage.org.apache.catalina.util;  
 permission java.lang.RuntimePermission 
accessClassInPackage.org.apache.catalina.util.*;
  +  permission java.lang.RuntimePermission 
defineClassInPackage.org.apache.catalina.util;
  +  permission java.lang.RuntimePermission 
defineClassInPackage.org.apache.catalina.util.*;
   
 // Required for running servlets generated by JSPC
 permission java.lang.RuntimePermission 
accessClassInPackage.org.apache.jasper.runtime;
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

2002-09-08 Thread glenn


glenn   2002/09/08 11:04:02

  Modified:catalina/src/conf catalina.policy
  Log:
  Fix example web application grant codeBase
  
  Revision  ChangesPath
  1.27  +3 -3  jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
  
  Index: catalina.policy
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/catalina.policy,v
  retrieving revision 1.26
  retrieving revision 1.27
  diff -u -r1.26 -r1.27
  --- catalina.policy   2 Sep 2002 13:37:22 -   1.26
  +++ catalina.policy   8 Sep 2002 18:04:02 -   1.27
  @@ -158,11 +158,11 @@
   // };
   //
   // The permission granted to your JDBC driver
  -// grant codeBase 
jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar {
  +// grant codeBase file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar {
   //   permission java.net.SocketPermission dbhost.mycompany.com:5432, connect;
   // };
   // The permission granted to the scrape taglib
  -// grant codeBase 
jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/scrape.jar {
  +// grant codeBase file:${catalina.home}/webapps/examples/WEB-INF/lib/scrape.jar {
   //   permission java.net.SocketPermission *.noaa.gov:80, connect;
   // };
   
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

2002-09-02 Thread glenn


glenn   2002/09/02 06:37:22

  Modified:catalina/src/conf catalina.policy
  Log:
  Update policy for java 1.4, fix bug 12101
  
  Revision  ChangesPath
  1.26  +7 -1  jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
  
  Index: catalina.policy
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/catalina.policy,v
  retrieving revision 1.25
  retrieving revision 1.26
  diff -u -r1.25 -r1.26
  --- catalina.policy   18 Aug 2002 00:56:09 -  1.25
  +++ catalina.policy   2 Sep 2002 13:37:22 -   1.26
  @@ -115,9 +115,15 @@
 permission java.util.PropertyPermission java.vm.name, read;
   
 // Required for getting BeanInfo
  +  permission java.lang.RuntimePermission accessClassInPackage.sun.beans;
 permission java.lang.RuntimePermission accessClassInPackage.sun.beans.*;
   
  +  // Required for sevlets and JSP's
  +  permission java.lang.RuntimePermission 
accessClassInPackage.org.apache.catalina.util;  
  +  permission java.lang.RuntimePermission 
accessClassInPackage.org.apache.catalina.util.*;
  +
 // Required for running servlets generated by JSPC
  +  permission java.lang.RuntimePermission 
accessClassInPackage.org.apache.jasper.runtime;
 permission java.lang.RuntimePermission 
accessClassInPackage.org.apache.jasper.runtime.*;
   
 // Required for OpenJMX
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

2002-08-17 Thread glenn


glenn   2002/08/17 17:56:09

  Modified:catalina/src/conf catalina.policy
  Log:
  Cleanup policy for release
  
  Revision  ChangesPath
  1.25  +56 -56jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
  
  Index: catalina.policy
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/catalina.policy,v
  retrieving revision 1.24
  retrieving revision 1.25
  diff -u -r1.24 -r1.25
  --- catalina.policy   19 Jul 2002 12:38:34 -  1.24
  +++ catalina.policy   18 Aug 2002 00:56:09 -  1.25
  @@ -17,23 +17,23 @@
   
   // These permissions apply to javac
   grant codeBase file:${java.home}/lib/- {
  -permission java.security.AllPermission;
  +  permission java.security.AllPermission;
   };
   
   // These permissions apply to all shared system extensions
   grant codeBase file:${java.home}/jre/lib/ext/- {
  -permission java.security.AllPermission;
  +  permission java.security.AllPermission;
   };
   
   // These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre
   grant codeBase file:${java.home}/../lib/- {
  -permission java.security.AllPermission;
  +  permission java.security.AllPermission;
   };
   
   // These permissions apply to all shared system extensions when
   // ${java.home} points at $JAVA_HOME/jre
   grant codeBase file:${java.home}/lib/ext/- {
  -permission java.security.AllPermission;
  +  permission java.security.AllPermission;
   };
   
   
  @@ -42,39 +42,39 @@
   
   // These permissions apply to the server startup code
   grant codeBase file:${catalina.home}/bin/bootstrap.jar {
  -permission java.security.AllPermission;
  +  permission java.security.AllPermission;
   };
   
   // These permissions apply to the servlet API classes
   // and those that are shared across all class loaders
   // located in the common directory
   grant codeBase file:${catalina.home}/common/- {
  -permission java.security.AllPermission;
  +  permission java.security.AllPermission;
   };
   
   // These permissions apply to the container's core code, plus any additional
   // libraries installed in the server directory
   grant codeBase file:${catalina.home}/server/- {
  -permission java.security.AllPermission;
  +  permission java.security.AllPermission;
   };
   
   // These permissions apply to the jasper page compiler.
   grant codeBase file:${catalina.home}/shared/lib/jasper-compiler.jar {
  -permission java.security.AllPermission;
  +  permission java.security.AllPermission;
   };
   
   // These permissions apply to the jasper JSP runtime
   grant codeBase file:${catalina.home}/shared/lib/jasper-runtime.jar {
  -permission java.security.AllPermission;
  +  permission java.security.AllPermission;
   };
   
   // These permissions apply to the privileged admin and manager web applications
   grant codeBase file:${catalina.home}/server/webapps/admin/WEB-INF/classes/- {
  -permission java.security.AllPermission;  
  +  permission java.security.AllPermission;  
   };
   
   grant codeBase file:${catalina.home}/server/webapps/admin/WEB-INF/lib/struts.jar {
  -permission java.security.AllPermission;  
  +  permission java.security.AllPermission;  
   };
   
   // == WEB APPLICATION PERMISSIONS =
  @@ -84,47 +84,47 @@
   // In addition, a web application will be given a read FilePermission
   // and JndiPermission for all files and directories in its document root.
   grant { 
  -// Required for JNDI lookup of named JDBC DataSource's and
  -// javamail named MimePart DataSource used to send mail
  -permission java.util.PropertyPermission java.home, read;
  -permission java.util.PropertyPermission java.naming.*, read;
  -permission java.util.PropertyPermission javax.sql.*, read;
  -
  -// OS Specific properties to allow read access
  - permission java.util.PropertyPermission os.name, read;
  - permission java.util.PropertyPermission os.version, read;
  - permission java.util.PropertyPermission os.arch, read;
  - permission java.util.PropertyPermission file.separator, read;
  - permission java.util.PropertyPermission path.separator, read;
  - permission java.util.PropertyPermission line.separator, read;
  -
  -// JVM properties to allow read access
  -permission java.util.PropertyPermission java.version, read;
  -permission java.util.PropertyPermission java.vendor, read;
  -permission java.util.PropertyPermission java.vendor.url, read;
  -permission java.util.PropertyPermission java.class.version, read;
  - permission java.util.PropertyPermission java.specification.version, read;
  - permission java.util.PropertyPermission java.specification.vendor, read;
  - permission

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

2002-07-19 Thread glenn


glenn   2002/07/19 05:36:14

  Modified:catalina/src/conf Tag: tomcat_40_branch catalina.policy
  Log:
  Add permission required for JSPC servlets
  
  Revision  ChangesPath
  No   revision
  
  
  No   revision
  
  
  1.14.2.2  +4 -1  jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
  
  Index: catalina.policy
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/catalina.policy,v
  retrieving revision 1.14.2.1
  retrieving revision 1.14.2.2
  diff -u -r1.14.2.1 -r1.14.2.2
  --- catalina.policy   6 Oct 2001 18:51:03 -   1.14.2.1
  +++ catalina.policy   19 Jul 2002 12:36:14 -  1.14.2.2
  @@ -110,6 +110,9 @@
   // Required for getting BeanInfo
   permission java.lang.RuntimePermission accessClassInPackage.sun.beans.*;
   
  +// Required for running servlets generated by JSPC
  +permission java.lang.RuntimePermission 
accessClassInPackage.org.apache.jasper.runtime.*;
  +
// Allow read of JAXP compliant XML parser debug
permission java.util.PropertyPermission jaxp.debug, read;
   };
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

2002-07-19 Thread glenn


glenn   2002/07/19 05:38:35

  Modified:catalina/src/conf catalina.policy
  Log:
  Add permission required for JSPC servlets
  
  Revision  ChangesPath
  1.24  +4 -1  jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
  
  Index: catalina.policy
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/catalina.policy,v
  retrieving revision 1.23
  retrieving revision 1.24
  diff -u -r1.23 -r1.24
  --- catalina.policy   29 Apr 2002 20:24:57 -  1.23
  +++ catalina.policy   19 Jul 2002 12:38:34 -  1.24
  @@ -117,6 +117,9 @@
   // Required for getting BeanInfo
   permission java.lang.RuntimePermission accessClassInPackage.sun.beans.*;
   
  +// Required for running servlets generated by JSPC
  +permission java.lang.RuntimePermission 
accessClassInPackage.org.apache.jasper.runtime.*;
  +
   // Required for OpenJMX
   permission java.lang.RuntimePermission getAttribute;
   
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

2002-04-29 Thread remm


remm02/04/29 13:24:57

  Modified:catalina/src/conf catalina.policy
  Log:
  - Modify the policy file according to the codebase change.
  
  Revision  ChangesPath
  1.23  +2 -2  jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
  
  Index: catalina.policy
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/catalina.policy,v
  retrieving revision 1.22
  retrieving revision 1.23
  diff -u -r1.22 -r1.23
  --- catalina.policy   4 Mar 2002 15:12:48 -   1.22
  +++ catalina.policy   29 Apr 2002 20:24:57 -  1.23
  @@ -8,7 +8,7 @@
   //
   // * Read access to the document root directory
   //
  -// $Id: catalina.policy,v 1.22 2002/03/04 15:12:48 glenn Exp $
  +// $Id: catalina.policy,v 1.23 2002/04/29 20:24:57 remm Exp $
   // 
   
   
  @@ -73,7 +73,7 @@
   permission java.security.AllPermission;  
   };
   
  -grant codeBase 
jar:file:${catalina.home}/server/webapps/admin/WEB-INF/lib/struts.jar!/- {
  +grant codeBase file:${catalina.home}/server/webapps/admin/WEB-INF/lib/struts.jar {
   permission java.security.AllPermission;  
   };
   
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

2002-03-04 Thread glenn


glenn   02/03/04 07:12:48

  Modified:catalina/src/conf catalina.policy
  Log:
  Fix example grants fro webapp jar's
  
  Revision  ChangesPath
  1.22  +3 -3  jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
  
  Index: catalina.policy
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/catalina.policy,v
  retrieving revision 1.21
  retrieving revision 1.22
  diff -u -r1.21 -r1.22
  --- catalina.policy   9 Feb 2002 18:31:25 -   1.21
  +++ catalina.policy   4 Mar 2002 15:12:48 -   1.22
  @@ -8,7 +8,7 @@
   //
   // * Read access to the document root directory
   //
  -// $Id: catalina.policy,v 1.21 2002/02/09 18:31:25 remm Exp $
  +// $Id: catalina.policy,v 1.22 2002/03/04 15:12:48 glenn Exp $
   // 
   
   
  @@ -149,11 +149,11 @@
   // };
   //
   // The permission granted to your JDBC driver
  -// grant codeBase 
file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar!/- {
  +// grant codeBase 
jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar!/- {
   //  permission java.net.SocketPermission dbhost.mycompany.com:5432, connect;
   // };
   // The permission granted to the scrape taglib
  -// grant codeBase 
file:${catalina.home}/webapps/examples/WEB-INF/lib/scrape.jar!/- {
  +// grant codeBase 
jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/scrape.jar!/- {
   //  permission java.net.SocketPermission *.noaa.gov:80, connect;
   // };
   
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

2002-02-09 Thread remm


remm02/02/09 10:31:25

  Modified:catalina/src/conf catalina.policy
  Log:
  - Update policy files after moving Jasper around.
  - Also ran into a surprise problem with OpenJMX while testing (which of course lead 
me to believe
it was somehow related to me moving Jasper). Grant an extra permission to have it 
work.
  
  Revision  ChangesPath
  1.21  +4 -22 jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
  
  Index: catalina.policy
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/catalina.policy,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- catalina.policy   17 Jan 2002 00:28:15 -  1.20
  +++ catalina.policy   9 Feb 2002 18:31:25 -   1.21
  @@ -8,7 +8,7 @@
   //
   // * Read access to the document root directory
   //
  -// $Id: catalina.policy,v 1.20 2002/01/17 00:28:15 patrickl Exp $
  +// $Id: catalina.policy,v 1.21 2002/02/09 18:31:25 remm Exp $
   // 
   
   
  @@ -68,11 +68,6 @@
   permission java.security.AllPermission;
   };
   
  -// These permissions apply to the JNDI naming factory
  -grant codeBase file:${catalina.home}/shared/lib/naming-factory.jar {
  -permission java.security.AllPermission;
  -};
  -
   // These permissions apply to the privileged admin and manager web applications
   grant codeBase file:${catalina.home}/server/webapps/admin/WEB-INF/classes/- {
   permission java.security.AllPermission;  
  @@ -82,22 +77,6 @@
   permission java.security.AllPermission;  
   };
   
  -grant codeBase 
jar:file:${catalina.home}/server/webapps/admin/WEB-INF/lib/jasper-compiler.jar!/- {
  -permission java.security.AllPermission;  
  -};
  -
  -grant codeBase 
jar:file:${catalina.home}/server/webapps/admin/WEB-INF/lib/jasper-runtime.jar!/- {
  -permission java.security.AllPermission;
  -};
  -
  -grant codeBase 
jar:file:${catalina.home}/server/webapps/manager/WEB-INF/lib/jasper-compiler.jar!/- {
  -permission java.security.AllPermission;
  -};   
  -
  -grant codeBase 
jar:file:${catalina.home}/server/webapps/manager/WEB-INF/lib/jasper-runtime.jar!/- {
  -permission java.security.AllPermission;
  -};
  -
   // == WEB APPLICATION PERMISSIONS =
   
   
  @@ -137,6 +116,9 @@
   
   // Required for getting BeanInfo
   permission java.lang.RuntimePermission accessClassInPackage.sun.beans.*;
  +
  +// Required for OpenJMX
  +permission java.lang.RuntimePermission getAttribute;
   
// Allow read of JAXP compliant XML parser debug
permission java.util.PropertyPermission jaxp.debug, read;
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

2002-01-16 Thread patrickl


patrickl02/01/16 16:28:15

  Modified:catalina/src/conf catalina.policy
  Log:
  Add AllPermissions to admin webapp's classes directory
  
  Revision  ChangesPath
  1.20  +9 -5  jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
  
  Index: catalina.policy
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/catalina.policy,v
  retrieving revision 1.19
  retrieving revision 1.20
  diff -u -r1.19 -r1.20
  --- catalina.policy   14 Jan 2002 09:34:12 -  1.19
  +++ catalina.policy   17 Jan 2002 00:28:15 -  1.20
  @@ -8,7 +8,7 @@
   //
   // * Read access to the document root directory
   //
  -// $Id: catalina.policy,v 1.19 2002/01/14 09:34:12 patrickl Exp $
  +// $Id: catalina.policy,v 1.20 2002/01/17 00:28:15 patrickl Exp $
   // 
   
   
  @@ -74,15 +74,19 @@
   };
   
   // These permissions apply to the privileged admin and manager web applications
  -grant codeBase 
jar:file:${catalina.home}/server/webapps/admin/WEB-INF/lib/jasper-compiler.jar!/- {
  +grant codeBase file:${catalina.home}/server/webapps/admin/WEB-INF/classes/- {
   permission java.security.AllPermission;  
   };
   
  -grant codeBase 
jar:file:${catalina.home}/server/webapps/admin/WEB-INF/lib/jasper-runtime.jar!/- {
  -permission java.security.AllPermission;
  +grant codeBase 
jar:file:${catalina.home}/server/webapps/admin/WEB-INF/lib/struts.jar!/- {
  +permission java.security.AllPermission;  
   };
   
  -grant codeBase 
jar:file:${catalina.home}/server/webapps/admin/WEB-INF/lib/struts.jar!/- {
  +grant codeBase 
jar:file:${catalina.home}/server/webapps/admin/WEB-INF/lib/jasper-compiler.jar!/- {
  +permission java.security.AllPermission;  
  +};
  +
  +grant codeBase 
jar:file:${catalina.home}/server/webapps/admin/WEB-INF/lib/jasper-runtime.jar!/- {
   permission java.security.AllPermission;
   };
   
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

2002-01-14 Thread patrickl


patrickl02/01/14 01:34:12

  Modified:catalina/src/conf catalina.policy
  Log:
  Add AllPermissions struts.jar in admin webapp since it was missing from the policy 
file.
  
  Revision  ChangesPath
  1.19  +5 -1  jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
  
  Index: catalina.policy
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/catalina.policy,v
  retrieving revision 1.18
  retrieving revision 1.19
  diff -u -r1.18 -r1.19
  --- catalina.policy   27 Nov 2001 02:47:26 -  1.18
  +++ catalina.policy   14 Jan 2002 09:34:12 -  1.19
  @@ -8,7 +8,7 @@
   //
   // * Read access to the document root directory
   //
  -// $Id: catalina.policy,v 1.18 2001/11/27 02:47:26 patrickl Exp $
  +// $Id: catalina.policy,v 1.19 2002/01/14 09:34:12 patrickl Exp $
   // 
   
   
  @@ -79,6 +79,10 @@
   };
   
   grant codeBase 
jar:file:${catalina.home}/server/webapps/admin/WEB-INF/lib/jasper-runtime.jar!/- {
  +permission java.security.AllPermission;
  +};
  +
  +grant codeBase 
jar:file:${catalina.home}/server/webapps/admin/WEB-INF/lib/struts.jar!/- {
   permission java.security.AllPermission;
   };
   
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

2001-11-19 Thread glenn


glenn   01/11/19 05:51:03

  Modified:catalina/src/conf catalina.policy
  Log:
  Make the permissions for shared/lib explicit
  
  Revision  ChangesPath
  1.16  +14 -4 jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
  
  Index: catalina.policy
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/catalina.policy,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- catalina.policy   2001/10/06 18:45:51 1.15
  +++ catalina.policy   2001/11/19 13:51:03 1.16
  @@ -8,7 +8,7 @@
   //
   // * Read access to the document root directory
   //
  -// $Id: catalina.policy,v 1.15 2001/10/06 18:45:51 remm Exp $
  +// $Id: catalina.policy,v 1.16 2001/11/19 13:51:03 glenn Exp $
   // 
   
   
  @@ -58,11 +58,21 @@
   permission java.security.AllPermission;
   };
   
  -// These permissions apply to shared web application libraries
  -// including the Jasper page compiler installed in the shared/lib directory
  -grant codeBase file:${catalina.home}/shared/- {
  +// These permissions apply to the jasper page compiler.
  +grant codeBase file:${catalina.home}/shared/lib/jasper-compiler.jar {
   permission java.security.AllPermission;
   };
  +
  +// These permissions apply to the jasper JSP runtime
  +grant codeBase file:${catalina.home}/shared/lib/jasper-runtime.jar {
  +permission java.security.AllPermission;
  +};
  +
  +// These permissions apply to the JNDI naming factory
  +grant codeBase file:${catalina.home}/shared/lib/naming-factory.jar {
  +permission java.security.AllPermission;
  +};
  +
   
   // == WEB APPLICATION PERMISSIONS =
   
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

2001-06-29 Thread glenn


glenn   01/06/29 11:01:14

  Modified:catalina/src/conf catalina.policy
  Log:
  Update policy for WebappClassLoader changes
  
  Revision  ChangesPath
  1.13  +4 -16 jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
  
  Index: catalina.policy
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/catalina.policy,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -u -r1.12 -r1.13
  --- catalina.policy   2001/06/22 20:36:29 1.12
  +++ catalina.policy   2001/06/29 18:01:09 1.13
  @@ -8,7 +8,7 @@
   //
   // * Read access to the document root directory
   //
  -// $Id: catalina.policy,v 1.12 2001/06/22 20:36:29 glenn Exp $
  +// $Id: catalina.policy,v 1.13 2001/06/29 18:01:09 glenn Exp $
   // 
   
   
  @@ -138,30 +138,18 @@
   // grant codeBase file:${catalina.home}/webapps/examples/- {
   //  permission java.net.SocketPermission dbhost.mycompany.com:5432, connect;
   //  permission java.net.SocketPermission *.noaa.gov:80, connect;
  -//
   // };
   //
   // The permissions granted to the context WEB-INF/classes directory
  -//
  -// Permissions granted to a web applications /WEB-INF/classes
  -// need to use the JNDI naming convention Tomcat 4 uses to identify
  -// these resources.  The naming convention is
  -// jndi:/virtual host name/web application directory/WEB-INF/classes/
  -//
  -// grant codeBase jndi:/localhost/examples/WEB-INF/classes/- {
  +// grant codeBase file:${catalina.home}/webapps/examples/WEB-INF/classes/- {
   // };
   //
  -// Permissions granted to a web applications /WEB-INF/lib
  -// need to use the JNDI naming convention Tomcat 4 uses to identify
  -// these resources.  The naming convention is
  -// jar:jndi:/virtual host name/web application directory/WEB-INF/lib/
  -//
   // The permission granted to your JDBC driver
  -// grant codeBase jar:jndi:/localhost/examples/WEB-INF/lib/driver.jar {
  +// grant codeBase 
file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar!/- {
   //  permission java.net.SocketPermission dbhost.mycompany.com:5432, connect;
   // };
   // The permission granted to the scrape taglib
  -// grant codeBase jar:jndi:localhost/webapps/examples/WEB-INF/lib/scrape.jar {
  +// grant codeBase 
file:${catalina.home}/webapps/examples/WEB-INF/lib/scrape.jar!/- {
   //  permission java.net.SocketPermission *.noaa.gov:80, connect;
   // };

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

2001-06-29 Thread remm


remm01/06/29 14:53:45

  Modified:catalina/src/conf catalina.policy
  Log:
  - Package name typo fix.
Patch submitted by Gennis Emerson gemerson at acm.org
  
  Revision  ChangesPath
  1.14  +2 -2  jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
  
  Index: catalina.policy
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/catalina.policy,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- catalina.policy   2001/06/29 18:01:09 1.13
  +++ catalina.policy   2001/06/29 21:53:43 1.14
  @@ -8,7 +8,7 @@
   //
   // * Read access to the document root directory
   //
  -// $Id: catalina.policy,v 1.13 2001/06/29 18:01:09 glenn Exp $
  +// $Id: catalina.policy,v 1.14 2001/06/29 21:53:43 remm Exp $
   // 
   
   
  @@ -85,7 +85,7 @@
   grant { 
   // Required for JNDI lookup of named JDBC DataSource's and
   // javamail named MimePart DataSource used to send mail
  -permission java.utim.PropertyPermission java.home, read;
  +permission java.util.PropertyPermission java.home, read;
   permission java.util.PropertyPermission java.naming.*, read;
   permission java.util.PropertyPermission javax.sql.*, read;

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

2001-06-22 Thread glenn


glenn   01/06/22 13:36:30

  Modified:catalina/src/conf catalina.policy
  Log:
  Update for new JndiPermission
  
  Revision  ChangesPath
  1.12  +2 -2  jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
  
  Index: catalina.policy
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/catalina.policy,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- catalina.policy   2001/04/25 17:02:10 1.11
  +++ catalina.policy   2001/06/22 20:36:29 1.12
  @@ -8,7 +8,7 @@
   //
   // * Read access to the document root directory
   //
  -// $Id: catalina.policy,v 1.11 2001/04/25 17:02:10 glenn Exp $
  +// $Id: catalina.policy,v 1.12 2001/06/22 20:36:29 glenn Exp $
   // 
   
   
  @@ -81,7 +81,7 @@
   
   // These permissions are granted by default to all web applications
   // In addition, a web application will be given a read FilePermission
  -// for all files and directories in its document root.
  +// and JndiPermission for all files and directories in its document root.
   grant { 
   // Required for JNDI lookup of named JDBC DataSource's and
   // javamail named MimePart DataSource used to send mail

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

2001-04-11 Thread glenn


glenn   01/04/11 14:32:50

  Modified:catalina/src/conf catalina.policy
  Log:
  Update policy to support JNDI
  
  Revision  ChangesPath
  1.9   +23 -5 jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
  
  Index: catalina.policy
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/catalina.policy,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- catalina.policy   2001/04/09 00:23:32 1.8
  +++ catalina.policy   2001/04/11 21:32:50 1.9
  @@ -8,7 +8,7 @@
   //
   // * Read access to the document root directory
   //
  -// $Id: catalina.policy,v 1.8 2001/04/09 00:23:32 craigmcc Exp $
  +// $Id: catalina.policy,v 1.9 2001/04/11 21:32:50 glenn Exp $
   // 
   
   
  @@ -83,10 +83,13 @@
   // In addition, a web application will be given a read FilePermission
   // for all files and directories in its document root.
   grant { 
  - permission java.util.PropertyPermission "java.version", "read";
  - permission java.util.PropertyPermission "java.vendor", "read";
  - permission java.util.PropertyPermission "java.vendor.url", "read";
  - permission java.util.PropertyPermission "java.class.version", "read";
  +// Required for JNDI lookup of named JDBC DataSource's and
  +// javamail named MimePart DataSource used to send mail
  +permission java.utim.PropertyPermission "java.home", "read";
  +permission java.util.PropertyPermission "java.naming.*", "read";
  +permission java.util.PropertyPermission "javax.sql.*", "read";
  +
  +// OS Specific properties to allow read access
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "os.version", "read";
permission java.util.PropertyPermission "os.arch", "read";
  @@ -94,6 +97,11 @@
permission java.util.PropertyPermission "path.separator", "read";
permission java.util.PropertyPermission "line.separator", "read";
   
  +// JVM properties to allow read access
  +permission java.util.PropertyPermission "java.version", "read";
  +permission java.util.PropertyPermission "java.vendor", "read";
  +permission java.util.PropertyPermission "java.vendor.url", "read";
  +permission java.util.PropertyPermission "java.class.version", "read";
permission java.util.PropertyPermission "java.specification.version", "read";
permission java.util.PropertyPermission "java.specification.vendor", "read";
permission java.util.PropertyPermission "java.specification.name", "read";
  @@ -104,6 +112,16 @@
permission java.util.PropertyPermission "java.vm.version", "read";
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
  +
  +// Required for reading resources using JNDI lookup
  +permission java.io.FilePermission "jndi:/-", "read";
  +permission java.io.FilePermission "jar:jndi:/WEB-INF/lib/-", "read";
  +// Required for getting BeanInfo
  +permission java.lang.RuntimePermission "accessClassInPackage.sun.beans.*";
  +// Requried for sending email
  +permission java.io.FilePermission "${java.home}${/}lib${/}ext${/}mail.jar", 
"read";
  +
  + // Allow read of JAXP compliant XML parser debug
permission java.util.PropertyPermission "jaxp.debug", "read";
   };

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

2001-04-08 Thread craigmcc


craigmcc01/04/08 17:23:32

  Modified:catalina/src/conf catalina.policy
  Log:
  Add a property reading permission needed for JAXP.
  
  Revision  ChangesPath
  1.8   +2 -1  jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
  
  Index: catalina.policy
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/catalina.policy,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- catalina.policy   2001/04/08 01:05:19 1.7
  +++ catalina.policy   2001/04/09 00:23:32 1.8
  @@ -8,7 +8,7 @@
   //
   // * Read access to the document root directory
   //
  -// $Id: catalina.policy,v 1.7 2001/04/08 01:05:19 craigmcc Exp $
  +// $Id: catalina.policy,v 1.8 2001/04/09 00:23:32 craigmcc Exp $
   // 
   
   
  @@ -104,6 +104,7 @@
permission java.util.PropertyPermission "java.vm.version", "read";
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
  + permission java.util.PropertyPermission "jaxp.debug", "read";
   };

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

2001-02-26 Thread glenn


glenn   01/02/26 19:18:15

  Modified:catalina/src/conf catalina.policy
  Log:
  Update policy for new lib/class file locations
  
  Revision  ChangesPath
  1.5   +15 -10jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
  
  Index: catalina.policy
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/catalina.policy,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- catalina.policy   2001/02/18 17:18:40 1.4
  +++ catalina.policy   2001/02/27 03:18:15 1.5
  @@ -8,7 +8,7 @@
   //
   // * Read access to the document root directory
   //
  -// $Id: catalina.policy,v 1.4 2001/02/18 17:18:40 glenn Exp $
  +// $Id: catalina.policy,v 1.5 2001/02/27 03:18:15 glenn Exp $
   // 
   
   
  @@ -29,20 +29,18 @@
   // == CATALINA CODE PERMISSIONS ===
   
   
  -// These permissions apply to the server startup code, and the servlet API
  -// classes that are shared across all class loaders
  +// These permissions apply to the server startup code
   grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
   permission java.security.AllPermission;
   };
   
  -grant codeBase "file:${catalina.home}/bin/servlet.jar" {
  +// These permissions apply to the servlet API classes
  +// and those that are shared across all class loaders
  +// located in the "common" directory
  +grant codeBase "file:${catalina.home}/common/-" {
   permission java.security.AllPermission;
   };
   
  -grant codeBase "file:${catalina.home}/bin/naming.jar" {
  -permission java.security.AllPermission;
  -};
  -
   // These permissions apply to the container's core code, plus any additional
   // libraries installed in the "server" directory
   grant codeBase "file:${catalina.home}/server/-" {
  @@ -50,16 +48,22 @@
   };
   
   // These permissions apply to the jasper page compiler
  +// located in the "jasper" directory.
   grant codeBase "file:${catalina.home}/jasper/-" {
   permission java.security.AllPermission;
   };
   
  -// These permissions apply to all extension libraries (including Jasper,
  -// if present) installed in the "lib" directory
  +// These permissions apply to shared web application libraries
  +// including the Jasper runtime library installed in the "lib" directory
   grant codeBase "file:${catalina.home}/lib/-" {
   permission java.security.AllPermission;
   };
   
  +// These permissions apply to shared web application classes
  +// located in the "classes" directory
  +grant codeBase "file:${catalina.home}/classes/-" {
  +permission java.security.AllPermission;
  +};
   
   // == WEB APPLICATION PERMISSIONS =
   
  @@ -90,6 +94,7 @@
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
permission java.io.FilePermission "jndi:/WEB-INF/-", "read";
  + permission java.io.FilePermission "jar:jndi:/WEB-INF/lib/-", "read";
   };
   
   
  
  
  

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

2001-02-18 Thread glenn


glenn   01/02/18 09:18:41

  Modified:catalina/src/conf catalina.policy
  Log:
  Update policy for Craig's jasper class loading changes
  
  Revision  ChangesPath
  1.4   +5 -1  jakarta-tomcat-4.0/catalina/src/conf/catalina.policy
  
  Index: catalina.policy
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/conf/catalina.policy,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- catalina.policy   2001/02/03 16:42:39 1.3
  +++ catalina.policy   2001/02/18 17:18:40 1.4
  @@ -8,7 +8,7 @@
   //
   // * Read access to the document root directory
   //
  -// $Id: catalina.policy,v 1.3 2001/02/03 16:42:39 glenn Exp $
  +// $Id: catalina.policy,v 1.4 2001/02/18 17:18:40 glenn Exp $
   // 
   
   
  @@ -49,6 +49,10 @@
   permission java.security.AllPermission;
   };
   
  +// These permissions apply to the jasper page compiler
  +grant codeBase "file:${catalina.home}/jasper/-" {
  +permission java.security.AllPermission;
  +};
   
   // These permissions apply to all extension libraries (including Jasper,
   // if present) installed in the "lib" directory
  
  
  

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

Re: cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

Re: cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

21 matches

Site Navigation

Mail list logo

Footer information