On 09/11/2022 00:28, Christopher Schultz wrote:
> Mark,
>
> On 11/8/22 12:41, Mark Thomas wrote:
>> On 08/11/2022 16:52, Christopher Schultz wrote:
>>> Mark,
>>>
>>> Wouldn't it be "safer" to have this doPrivileged be an "opt-out"
>>> permission rather than an "opt-in" permission?
>>
>> Good question.
>>
>>> Nobody is going to know that they need to enable this option in
>>> order to get "proper protection".
>>
>> Until they see the exception.
>
> It will be an ugly permission error, and they'll assume their
> SecurityManager hasn't been configured properly. If we could throw an
> error saying "you should enable this system property if you need to use
> Tomcat EL in this way" then it would be nice. But we can't. :/

I think we might be able to do that. I'll test it.

>>> This change is not exactly backward-compatible. It may break people
>>> who are otherwise happily using the Tomcat EL package by requiring
>>> them to add a system property to get it to work.
>>>
>>> I think the doPrivileged should be present /by default/ and the
>>> preference should be opt-out if only to maintain
>>> backward-compatibility. Evidently, only one user on the planet needs
>>> to disable this privilege re-acquisition.
>>
>> No test case was ever provided for BZ 62080. I suspect it was a
>> theoretical issue rather than one observed in real code.
>>
>> The performance issue is an issue for everyone using a SecurityManager.
>>
>> Another factor I considered is that the SecurityManager is deprecated
>> and support for it is likely to be removed in Jakarta EE 11.
>>
>> I went for disabled by default because I thought that was the best
>> solution for the majority - possibly all - users.
>
> I think we should mention this in the "Notable Changes" section of the UG.

Makes sense.

Mark