[Bug 591802] Re: tomcat fails to start using a security manager
** Tags added: testcase -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in Ubuntu. https://bugs.launchpad.net/bugs/591802 Title: tomcat fails to start using a security manager To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat6/+bug/591802/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 591802] Re: tomcat fails to start using a security manager
** Tags added: verification-done ** Tags removed: verification-needed -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 591802] Re: tomcat fails to start using a security manager
This bug was fixed in the package tomcat6 - 6.0.26-5 --- tomcat6 (6.0.26-5) unstable; urgency=medium * Convert patches to dep3 format. * Backport security fix from trunk to fix CVE-2010-1157. (Closes: #587447) * Set urgency to medium due to the security fix. tomcat6 (6.0.26-4) unstable; urgency=low [ Thierry Carrez ] * Fix issues preventing from running Tomcat6 with a security manager: - debian/tomcat6.init: Remove duplicate securitymanager options. - debian/patches/catalina-sh-security-manager.patch: Use the right location for the security.policy file in catalina.sh. - Closes: #585379, LP: #591802. Thanks to Jeff Turner for the original patches and to Adam Guthrie for the Lucid debdiff. * Allow binding to any interface when using authbind, rather than only allow binding to all (LP: #594989) * Force backgrounding of catalina.sh in start-stop-daemon, to allow the init script to be started through ssh -t (LP: #588481) [ Torsten Werner ] * Remove Paul from Uploaders list. -- Thierry Carrez thierry.car...@ubuntu.com Tue, 13 Jul 2010 17:56:11 +0100 ** Changed in: tomcat6 (Ubuntu) Status: Fix Committed = Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-1157 -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 591802] Re: tomcat fails to start using a security manager
This bug was fixed in the package tomcat6 - 6.0.24-2ubuntu1.2 --- tomcat6 (6.0.24-2ubuntu1.2) lucid-proposed; urgency=low * Fix issues preventing from running Tomcat6 with a security manager: - debian/tomcat6.init: Remove duplicate securitymanager options. - debian/patches/catalina-sh-security-manager.patch: Use the right location for the security.policy file in catalina.sh. - Closes LP: #591802. Thanks to Jeff Turner for the original patches and to Adam Guthrie for the Lucid debdiff. -- Thierry Carrez thierry.car...@ubuntu.com Mon, 05 Jul 2010 14:54:47 +0200 ** Changed in: tomcat6 (Ubuntu Lucid) Status: Fix Committed = Fix Released -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 591802] Re: tomcat fails to start using a security manager
Changes accepted in debian in 6.0.24-4 ** Tags added: patch-accepted-debian ** Tags removed: patch-forwarded-debian -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 591802] Re: tomcat fails to start using a security manager
-proposed package passes test case on my 10.04 i686 desktop. -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 591802] Re: tomcat fails to start using a security manager
Accepted tomcat6 into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance! ** Changed in: tomcat6 (Ubuntu Lucid) Status: Confirmed = Fix Committed ** Tags added: verification-needed -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 591802] Re: tomcat fails to start using a security manager
** Branch linked: lp:ubuntu/lucid-proposed/tomcat6 -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 591802] Re: tomcat fails to start using a security manager
** Changed in: tomcat6 (Ubuntu Lucid) Status: Triaged = In Progress -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 591802] Re: tomcat fails to start using a security manager
** Description changed: Binary package hint: tomcat6 Using tomcat6 package version 6.0.24-2ubuntu, after editing /etc/default/tomcat6 to set TOMCAT6_SECURITY=yes, Tomcat breaks on startup with (in catalina.out): Using CATALINA_BASE: /var/lib/tomcat6 Using CATALINA_HOME: /usr/share/tomcat6 Using CATALINA_TMPDIR: /tmp/tomcat6-tmp Using JRE_HOME:/usr/lib/jvm/java-6-openjdk Using CLASSPATH: /usr/share/tomcat6/bin/bootstrap.jar Using Security Manager Exception in thread main java.lang.ExceptionInInitializerError - at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:171) - at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:243) - at org.apache.juli.logging.LogFactory.getLog(LogFactory.java:298) - at org.apache.catalina.startup.Bootstrap.clinit(Bootstrap.java:55) + at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:171) + at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:243) + at org.apache.juli.logging.LogFactory.getLog(LogFactory.java:298) + at org.apache.catalina.startup.Bootstrap.clinit(Bootstrap.java:55) Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission java.util.logging.config.class read) - at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342) - at java.security.AccessController.checkPermission(AccessController.java:553) - at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) - at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302) - at java.lang.System.getProperty(System.java:669) - at org.apache.juli.logging.DirectJDKLog.clinit(DirectJDKLog.java:43) - ... 4 more + at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342) + at java.security.AccessController.checkPermission(AccessController.java:553) + at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) + at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302) + at java.lang.System.getProperty(System.java:669) + at org.apache.juli.logging.DirectJDKLog.clinit(DirectJDKLog.java:43) + ... 4 more Could not find the main class: org.apache.catalina.startup.Bootstrap. Program will exit. - - The problem is that -Djava.security.policy is being set twice, firstly in /etc/init.d/tomcat6 to $CATALINA_BASE/work/catalina.policy (correct), secondly in /usr/share/tomcat6/bin/catalina.sh to $CATALINA_BASE/conf/catalina.policy (an invalid path). Unfortunately the second takes precedence, and so no policy file is actually used. + The problem is that -Djava.security.policy is being set twice, firstly + in /etc/init.d/tomcat6 to $CATALINA_BASE/work/catalina.policy (correct), + secondly in /usr/share/tomcat6/bin/catalina.sh to + $CATALINA_BASE/conf/catalina.policy (an invalid path). Unfortunately + the second takes precedence, and so no policy file is actually used. To fix this, I suggest patching catalina.sh to change 'conf/catalina.policy' references to 'work/catalina.policy'. It would also be good to remove the explicit setting of -Djava.security.manager and -Djava.security.policy from the init.d script, since it is done anyway in the init script. I've attached two patches for this. ProblemType: Bug DistroRelease: Ubuntu 10.04 Package: tomcat6 6.0.24-2ubuntu1 ProcVersionSignature: Ubuntu 2.6.32-22.33-generic 2.6.32.11+drm33.2 Uname: Linux 2.6.32-22-generic i686 NonfreeKernelModules: nvidia Architecture: i386 Date: Thu Jun 10 01:14:40 2010 InstallationMedia: Ubuntu 10.04 LTS Lucid Lynx - Release i386 (20100427.1) PackageArchitecture: all ProcEnviron: - PATH=(custom, user) - LANG=en_US.utf8 - SHELL=/bin/bash + PATH=(custom, user) + LANG=en_US.utf8 + SHELL=/bin/bash SourcePackage: tomcat6 + + == SRU Report == + Impact: + Regression for users of TOMCAT6_SECURITY=yes, that won't work after upgrading to Lucid. + + Development branch fix: + 6.0.26-4 has this fix, and a sync request to 6.0.26-5 was filed (bug 599265) + + Minimal patch: + See attached at comment 9. + + TEST CASE: + $ sudo apt-get install tomcat6 + $ sudo sed -i s/#TOMCAT6_SECURITY=no/TOMCAT6_SECURITY=yes/ /etc/default/tomcat6 + $ sudo service tomcat6 restart + Affected = FAIL + Fixed = PASS + + Regression potential: + The patch only affects the options used when TOMCAT6_SECURITY=yes, and the current duplicated options prevent it from working completely. ** Attachment added: Minimal SRU patch http://launchpadlibrarian.net/51412745/patch -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list
[Bug 591802] Re: tomcat fails to start using a security manager
Uploaded to lucid-proposed, waiting for acceptation. ** Changed in: tomcat6 (Ubuntu Lucid) Status: In Progress = Confirmed -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 591802] Re: tomcat fails to start using a security manager
** Branch linked: lp:debian/sid/tomcat6 -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 591802] Re: tomcat fails to start using a security manager
** Changed in: tomcat6 (Ubuntu) Status: Triaged = Fix Committed -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 591802] Re: tomcat fails to start using a security manager
The changes look right to me as well, if the policy file we're trying to use is in the work/ directory. The init.d script should not set -Djava.security.manager nor -Djava.security.policy because those are indeed set by catalina.sh whenever catalina.sh is invoked with -security. Thanks guys! -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 591802] Re: tomcat fails to start using a security manager
Fix committed to debian-java SVN, will push a Lucid SRU for it. ** Changed in: tomcat6 (Ubuntu) Assignee: (unassigned) = Thierry Carrez (ttx) ** Changed in: tomcat6 (Ubuntu Lucid) Assignee: (unassigned) = Thierry Carrez (ttx) -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 591802] Re: tomcat fails to start using a security manager
Adam: thanks for your work in producing a debdiff out of Jeff's patch ! This needs to be fixed in maverick (development release) and also in lucid (as a Stable Release Update). You debdiff is a mix of the two, since it's targeted to lucid. It should either be 6.0.24-2ubuntu1.2 targeted to lucid-proposed, or 6.0.26-2ubuntu1 targeted to maverick. The autogenerated quilt patch could also use some comments to replace autogenerated boilerplate. Ideally, Debian will accept the patch and release a fixed version, we'll sync maverick to that and backport the fix to Lucid, so there is no need to prepare a maverick-specific fix. ** Changed in: tomcat6 (Ubuntu) Importance: Undecided = High ** Changed in: tomcat6 (Ubuntu) Status: Confirmed = Triaged ** Also affects: tomcat6 (Ubuntu Lucid) Importance: Undecided Status: New ** Changed in: tomcat6 (Ubuntu Lucid) Status: New = Triaged ** Changed in: tomcat6 (Ubuntu Lucid) Importance: Undecided = High -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 591802] Re: tomcat fails to start using a security manager
** Patch added: Quilt patch to fix the security policy location in the init.d script http://launchpadlibrarian.net/50021809/fix-securitypolicy-location.patch ** Attachment added: Dependencies.txt http://launchpadlibrarian.net/50018111/Dependencies.txt -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 591802] Re: tomcat fails to start using a security manager
** Patch added: Patch to fix debian/tomcat6.init so it doesn't redundantly set security manager params http://launchpadlibrarian.net/50021843/tomcat6.init.patch -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 591802] Re: tomcat fails to start using a security manager
** Tags added: patch -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 591802] Re: tomcat fails to start using a security manager
I've confirmed using 6.0.24-2ubuntu1 on 10.04 ** Changed in: tomcat6 (Ubuntu) Status: New = Confirmed -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 591802] Re: tomcat fails to start using a security manager
I've tested the patch and they seem to work. -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 591802] Re: tomcat fails to start using a security manager
** Patch added: tomcat6_6.0.24-2ubuntu2.debdiff http://launchpadlibrarian.net/50039553/tomcat6_6.0.24-2ubuntu2.debdiff -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 591802] Re: tomcat fails to start using a security manager
** Bug watch added: Debian Bug tracker #585379 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585379 ** Also affects: tomcat6 (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585379 Importance: Unknown Status: Unknown ** Tags added: patch-forwarded-debian -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 591802] Re: tomcat fails to start using a security manager
** Changed in: tomcat6 (Debian) Status: Unknown = New -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs