https://issues.apache.org/bugzilla/show_bug.cgi?id=22405
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|
On 19/01/2011 19:37, Rainer Jung wrote:
> Not tested with Java 6, but at least for Java 5 user.name still seems to
> return the real uid, not the effective one. So I expect under jsvc you
> will still get root as the result.
>
> See:
>
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4290712
On 19.01.2011 20:00, Mark Thomas wrote:
On 19/01/2011 18:53, Ian Darwin wrote:
On 01/19/11 13:47, Mark Thomas wrote:
On 19/01/2011 18:45, bugzi...@apache.org wrote:
https://issues.apache.org/bugzilla/show_bug.cgi?id=22405
--- Comment #5 from Mark Thomas 2011-01-19 13:45:40 EST ---
Created an
On 19/01/2011 18:53, Ian Darwin wrote:
> On 01/19/11 13:47, Mark Thomas wrote:
>> On 19/01/2011 18:45, bugzi...@apache.org wrote:
>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=22405
>>>
>>> --- Comment #5 from Mark Thomas 2011-01-19 13:45:40 EST
>>> ---
>>> Created an attachment (id=2651
On 01/19/11 13:47, Mark Thomas wrote:
> On 19/01/2011 18:45, bugzi...@apache.org wrote:
>> https://issues.apache.org/bugzilla/show_bug.cgi?id=22405
>>
>> --- Comment #5 from Mark Thomas 2011-01-19 13:45:40 EST
>> ---
>> Created an attachment (id=26519)
>> --> (https://issues.apache.org/bugzilla/
On 19/01/2011 18:45, bugzi...@apache.org wrote:
> https://issues.apache.org/bugzilla/show_bug.cgi?id=22405
>
> --- Comment #5 from Mark Thomas 2011-01-19 13:45:40 EST ---
> Created an attachment (id=26519)
> --> (https://issues.apache.org/bugzilla/attachment.cgi?id=26519)
> Proposed patch for To
https://issues.apache.org/bugzilla/show_bug.cgi?id=22405
--- Comment #5 from Mark Thomas 2011-01-19 13:45:40 EST ---
Created an attachment (id=26519)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26519)
Proposed patch for Tomcat 7
This patch adds a new listener that checks the user
https://issues.apache.org/bugzilla/show_bug.cgi?id=22405
--- Comment #4 from Mark Thomas 2011-01-18 20:07:00 EST ---
The Tomcat 7 docs include a section on security considerations. I have expanded
the OS section for 7.0.7 to cover file permissions, umask etc.
I am still thinking about if/how to