Just a guess off the cuff, but what happens if you make cmd =
{"/usr/bin/gunzip", "-f", file2};Also, it might be easier to use the internal zip classes, rather than using exec, but that's another point.
Sam Seaver wrote:
Mr. Weller,> Mr. Weller, >
Mr Seaver,
> I have fully attempted to restrict my JSP page's ability to read and write > files. my catalina.policy section currently looks like this: > > grant { > permission java.io.FilePermission "<<ALL FILES>>", "read"; > permission java.io.FilePermission "<<ALL FILES>>", "write"; > permission java.io.FilePermission "<<ALL FILES>>", "execute"; > }; > > this is obviously dangerous, and I have done everything in the "<<ALL > FILES>>" section to get catalina to restrict the file privileges to a couple > of specific directories, such as: > > "/home/seaver/-" > > starting up catalina with the security manager produces no problem, but the > files im trying to write, refuse to be written, as if they can't be written > anywhere. > > With the "<<ALL FILES" token, it DOES work, so I must be missing something > here? >
For example, I have a bean, that after downloading a compressed file, uses the unix program 'gunzip' to uncompress it:
String[] cmd = {"gunzip", "-f", file2}; Process proc = Runtime.getRuntime().exec(cmd); BufferedWriter output = new BufferedWriter(new OutputStreamWriter(proc.getOutputStream())); BufferedReader input = new BufferedReader(new InputStreamReader(proc.getInputStream())); BufferedReader error = new BufferedReader(new InputStreamReader(proc.getErrorStream()));
blah blah.
in my catalina.policy file I have this following section:
grant { permission java.io.FilePermission "<<ALL FILES>>", "read"; permission java.io.FilePermission "<<ALL FILES>>", "write"; permission java.io.FilePermission "/bin/gunzip", "execute"; permission java.io.FilePermission "/usr/bin/gunzip", "execute"; };
As you can see I am currently restricing ANY execution to the possible gunzip file my bean could be using.
The catalina.out log file indeed logs the failure in execution in the method that's trying to use gunzip..
Mar 20, 2003 1:52:23 PM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on port 80 java.security.AccessControlException: access denied (java.io.FilePermission <<ALL FILES>> execute) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
at java.security.AccessController.checkPermission(AccessController.java:401) at java.lang.SecurityManager.checkPermission(SecurityManager.java:542) at java.lang.SecurityManager.checkExec(SecurityManager.java:799) at java.lang.Runtime.exec(Runtime.java:563) at java.lang.Runtime.exec(Runtime.java:491) at java.lang.Runtime.exec(Runtime.java:457) at edu.northwestern.ls.monster.UploadBean2.pdbDownload(UploadBean2.java:283)
But that's besides the question, WHY does the execution of gunzip fail when i have it safely listed in catalina.policy??
Thanks Sam
_________________________________________________________________ Add photos to your messages with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
