cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup Catalina.java CatalinaService.java

Tue, 15 Oct 2002 13:19:34 -0700 

jfarcand    2002/10/15 13:44:45

  Modified:    catalina/src/share/org/apache/catalina/startup Catalina.java
                        CatalinaService.java
  Log:
  Security Audit. Add protection for org.apache.coyote and org.apache.tomcat package.
  
  Revision  Changes    Path
  1.6       +6 -6      
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup/Catalina.java
  
  Index: Catalina.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup/Catalina.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- Catalina.java     11 Sep 2002 13:08:18 -0000      1.5
  +++ Catalina.java     15 Oct 2002 20:44:45 -0000      1.6
  @@ -488,7 +488,7 @@
               else
                   access = "sun.,";
               Security.setProperty("package.access",
  -                access + "org.apache.catalina.,org.apache.jasper.");
  +                access + 
"org.apache.catalina.,org.apache.jasper.,org.apache.coyote., org.apache.tomcat.");
               String definition = Security.getProperty("package.definition");
               if( definition != null && definition.length() > 0 )
                   definition += ",";
  @@ -497,7 +497,7 @@
               Security.setProperty("package.definition",
                   // FIX ME package "javax." was removed to prevent HotSpot
                   // fatal internal errors
  -                definition + "java.,org.apache.catalina.,org.apache.jasper.");
  +                definition + 
"java.,org.apache.catalina.,org.apache.jasper.,org.apache.coyote., 
org.apache.tomcat.");
           }
   
           // Replace System.out and System.err with a custom PrintStream
  
  
  
  1.5       +6 -6      
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup/CatalinaService.java
  
  Index: CatalinaService.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup/CatalinaService.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- CatalinaService.java      21 Aug 2002 03:31:18 -0000      1.4
  +++ CatalinaService.java      15 Oct 2002 20:44:45 -0000      1.5
  @@ -273,7 +273,7 @@
               else
                   access = "sun.,";
               Security.setProperty("package.access",
  -                access + "org.apache.catalina.,org.apache.jasper.");
  +                access + 
"org.apache.catalina.,org.apache.jasper.,org.apache.coyote.,org.apache.tomcat.");
               String definition = Security.getProperty("package.definition");
               if( definition != null && definition.length() > 0 )
                   definition += ",";
  @@ -282,7 +282,7 @@
               Security.setProperty("package.definition",
                   // FIX ME package "javax." was removed to prevent HotSpot
                   // fatal internal errors
  -                definition + "java.,org.apache.catalina.,org.apache.jasper.");
  +                definition + 
"java.,org.apache.catalina.,org.apache.jasper.,org.apache.coyote.,org.apache.tomcat.");
           }
   
           // Start the new server
  
  
  

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to