Very cool -- could you/someone point me to the fix for future reference?
Remy Maucherat wrote:

>>Anyone working on this (or should I start)?
>>
>
> That's already been done (and integrated in 4.0.1).
>
>>[EMAIL PROTECTED] wrote:
>>
>>>On Sat, 13 Oct 2001, Pier Fumagalli wrote:
>>>
>>>>On Friday, October 12, 2001, at 07:57 pm, <[EMAIL PROTECTED]> wrote:
>>>>
>>>>>BTW, the CGI problem doesn't seem to be resolved, it should be
>>>>>mentioned in the release notes ( for people who use sandbox -
>>>>>including a workaround maybe )
>>>>>
>>>>What was the CGI problem? I don't see it in BugZilla, I might have
>>>>lost it in the void of my vacation?
>>>>
>>>It was discussed some time ago on tomcat-dev - if you run tomcat
>>>in sandbox mode ( and assume that you can deploy webapps in
>>>a secure way, like applets in a browser ) you'll have a bad surprise -
>>>the webapps will be indeed restricted to what the policy file says, with
>>>one exception - that they'll be able to execute arbitrary programs ( by
>>>declaring the cgi/ssi servlet, adding a mapping and an exe in
>>>the WEB-INF ).
>>>
>>>( BTW, I hope the fix will be ported to various apps that include tomcat
>>>as well, especially those using sandbox - most j2ee impl. do that... )
>>>
>
> Remy
