> Currently, all supporting jar files for servlets which come with Tomcat 4
> are placed in the $CATALINA_HOME/server/lib directory with the Tomcat 4
> core jar files. This is a potential security problem because the default
> catalina.policy grants AllPermission to all jar files located in
> $CATALINA_HOME/server/lib. I don't think the default policy for these
> servlets should be AllPermission. Especially for the SSI and CGI servlets.

If you give the appropriate permissions to allow SSI and CGI, you're actually
giving AllPermissions anyway (since you're allowing a native script or
executable to run, which is not constrained by the Java sandbox), so I'm
missing the point here.

> To make the default catalina.policy more secure and make configuring security
> policies easier, I recommend the following changes:
>
> 1. Create $CATALINA_HOME/servlets/lib and $CATALINA_HOME/servlets/classes.
>    This is where global servlets provided with Tomcat 4 can be installed.
>
> 2. Move the following jar files into $CATALINA_HOME/servlets/lib
>
>    servlets-cgi.renametojar
>    servlets-common.jar
>    servlets-default.jar
>    servlets-invoker.jar
>    servlets-manager.jar
>    servlets-snoop.jar
>    servlets-ssi.jar

This one is disabled by default too.

>    servlets-webdav.jar
>
> 3. Update the class loader creation in Bootstrap.java for the catalina loader
>    to look for jar files and classes in $CATALINA_HOME/servlets in addition
>    to $CATALINA_HOME/server.
>
> 4. Update the default catalina.policy so that it provides explicit
>    permissions for each jar file in $CATALINA_HOME/servlets/lib.
>
> 5. Update the documentation regarding the above changes.
>
> Please vote +1 so I can implement the above changes.

This seems reasonable.
(Of course, it's going to break all the scripts yet again ;-))

Remy
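The trade-off discussed in this thread, as an added example that is not part of the original messages or Tomcat's own code: a small audit of Java policy text that reports which jars end up unconfined before and after the proposed move, including the case raised in the reply where an `execute` grant is as good as AllPermission. The policy snippets, the per-jar permissions and the `servlets-cgi.jar` file name are constructed assumptions.

```python
import re

# Constructed policies for illustration, not Tomcat's shipped catalina.policy.
# The per-jar permissions are assumptions; ${catalina.home} is compared
# literally rather than expanded.
BEFORE = '''
grant codeBase "file:${catalina.home}/server/lib/-" {
    permission java.security.AllPermission;
};
'''
AFTER = BEFORE + '''
grant codeBase "file:${catalina.home}/servlets/lib/servlets-default.jar" {
    permission java.io.FilePermission "${catalina.home}/webapps/-", "read";
};
grant codeBase "file:${catalina.home}/servlets/lib/servlets-cgi.jar" {
    permission java.io.FilePermission "<<ALL FILES>>", "read,execute";
};
'''

GRANT = re.compile(r'grant\s+codeBase\s+"([^"]+)"\s*\{(.*?)\}\s*;', re.S)
PERM = re.compile(r'permission\s+([^;]+);')

def covers(code_base, jar_url):
    """codeBase matching: '/-' is recursive, '/*' is one directory, else exact."""
    if code_base.endswith("/-"):
        return jar_url.startswith(code_base[:-1])
    if code_base.endswith("/*"):
        head = code_base[:-1]
        return jar_url.startswith(head) and "/" not in jar_url[len(head):]
    return code_base == jar_url

def effective_permissions(policy, jar_url):
    """Union of permissions from every grant whose codeBase covers jar_url."""
    perms = set()
    for code_base, body in GRANT.findall(policy):
        if covers(code_base, jar_url):
            perms.update(p.strip() for p in PERM.findall(body))
    return perms

def unconfined(perms):
    """True for AllPermission, or for a FilePermission with the 'execute'
    action: a spawned native process is not constrained by the sandbox."""
    for p in perms:
        if p == "java.security.AllPermission":
            return True
        m = re.match(r'java\.io\.FilePermission\s+"[^"]*"\s*,\s*"([^"]*)"', p)
        if m and "execute" in [a.strip() for a in m.group(1).split(",")]:
            return True
    return False
```

Calling `unconfined(effective_permissions(policy, jar_url))` for each servlet jar gives a quick review list of which grants still need narrowing.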