https://issues.apache.org/bugzilla/show_bug.cgi?id=50156
--- Comment #2 from Eiji Takahashi <mashm...@gmail.com> 2010-10-26 04:20:00 EDT ---
(In reply to comment #1)
> (In reply to comment #0)
> > If you specify "../log.txt" for a new filename, the existing log file is
> > renamed to "<Tomcat boot directory>/../log.txt".
> > And, rotate() overwrites other existing files, if tomcat startup user has the
> > write permission on those files.
>
> And has permission to use JMX to manipulate Tomcat, which can lead to all sorts
> of disastrous results if used unwisely. If you have the privilege to modify
> the Tomcat configuration, you are expected to do so responsibly.

I agree, but a malicious user might do it.
Therefore, I think that some kind of limitation is necessary.
# restrict moving to some directory, or ignore the operation if the specified name exists.

> Note also that your patch prevents anyone from moving the log file(s) to some
> directory other than the original - severely reducing flexibility.
>
> - Chuck

An old patch was not correct. I will attach the patch.

regards.
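
The two limitations proposed in the comment above (keep the rename target inside one directory, and do nothing if the target name already exists) can be sketched as follows. This is an added example, not Tomcat's code and not the patch attached to the bug; the class `SafeLogRotate`, its methods `resolveTarget` and `rotate`, and the sample file names are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafeLogRotate {  // hypothetical class, not Tomcat's AccessLogValve

    // Resolve newFileName under logDir; reject anything that ends up outside it.
    static Path resolveTarget(Path logDir, String newFileName) throws IOException {
        Path base = logDir.toRealPath();                      // canonical allowed directory
        Path target = base.resolve(newFileName).normalize();  // collapses "../" segments
        if (target.equals(base) || !target.startsWith(base)) {
            throw new SecurityException("target outside log directory: " + newFileName);
        }
        // Resolve symlinks in the parent so a linked subdirectory cannot lead outside.
        Path parent = target.getParent().toRealPath();
        if (!parent.startsWith(base)) {
            throw new SecurityException("target parent escapes log directory: " + newFileName);
        }
        return parent.resolve(target.getFileName());
    }

    // Returns true only if the log was renamed; existing files are never replaced.
    static boolean rotate(Path currentLog, Path logDir, String newFileName) {
        try {
            // No REPLACE_EXISTING option: Files.move fails if the target exists.
            Files.move(currentLog, resolveTarget(logDir, newFileName));
            return true;
        } catch (SecurityException | IOException e) {
            System.err.println("rotate refused: " + e);
            return false;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout in a temp directory.
        Path root = Files.createTempDirectory("rotate-demo");
        Path logs = Files.createDirectory(root.resolve("logs"));
        Path current = Files.writeString(logs.resolve("access.log"), "GET / 200\n");
        Files.writeString(root.resolve("log.txt"), "unrelated file\n");
        Files.writeString(logs.resolve("access.old"), "older log\n");

        System.out.println(rotate(current, logs, "../log.txt"));            // escapes logs/
        System.out.println(rotate(current, logs, "access.old"));            // name already exists
        System.out.println(rotate(current, logs, "access.2010-10-26.log")); // new name inside logs/
    }
}
```

The existence check inside `Files.move` is not atomic with the rename, so this guards against operator error and simple misuse rather than a racing local process. The allowed directory is a parameter, so it need not be the original log directory.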