jfarcand 2002/10/15 13:44:45 Modified: catalina/src/share/org/apache/catalina/startup Catalina.java CatalinaService.java Log: Security Audit. Add protection for org.apache.coyote and org.apache.tomcat package. Revision Changes Path 1.6 +6 -6 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup/Catalina.java Index: Catalina.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup/Catalina.java,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- Catalina.java 11 Sep 2002 13:08:18 -0000 1.5 +++ Catalina.java 15 Oct 2002 20:44:45 -0000 1.6 @@ -488,7 +488,7 @@ else access = "sun.,"; Security.setProperty("package.access", - access + "org.apache.catalina.,org.apache.jasper."); + access + "org.apache.catalina.,org.apache.jasper.,org.apache.coyote., org.apache.tomcat."); String definition = Security.getProperty("package.definition"); if( definition != null && definition.length() > 0 ) definition += ","; @@ -497,7 +497,7 @@ Security.setProperty("package.definition", // FIX ME package "javax." was removed to prevent HotSpot // fatal internal errors - definition + "java.,org.apache.catalina.,org.apache.jasper."); + definition + "java.,org.apache.catalina.,org.apache.jasper.,org.apache.coyote., org.apache.tomcat."); } // Replace System.out and System.err with a custom PrintStream 1.5 +6 -6 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup/CatalinaService.java Index: CatalinaService.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup/CatalinaService.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- CatalinaService.java 21 Aug 2002 03:31:18 -0000 1.4 +++ CatalinaService.java 15 Oct 2002 20:44:45 -0000 1.5 @@ -273,7 +273,7 @@ else access = "sun.,"; Security.setProperty("package.access", - access + "org.apache.catalina.,org.apache.jasper."); + access + "org.apache.catalina.,org.apache.jasper.,org.apache.coyote.,org.apache.tomcat."); String definition = Security.getProperty("package.definition"); if( definition != null && definition.length() > 0 ) definition += ","; @@ -282,7 +282,7 @@ Security.setProperty("package.definition", // FIX ME package "javax." was removed to prevent HotSpot // fatal internal errors - definition + "java.,org.apache.catalina.,org.apache.jasper."); + definition + "java.,org.apache.catalina.,org.apache.jasper.,org.apache.coyote.,org.apache.tomcat."); } // Start the new server
-- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>