Hosting Provided By

Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities

From: Nihil <nihil(at)nanihil.com>
Date: Mon Jan 14 2008 - 03:17:44 EST

On Son, 2008-01-13 at 13:10 -0800, chdh wrote:
> > AccessControlException: access denied ... logging.properties read
>
> This is a consequence of the patch of /etc/tomcat5.5/policy.d/
> 03catalina.policy for CVE-2007-5342 (http://cve.mitre.org/cgi-bin/
> cvename.cgi?name=CVE-2007-5342).
>
> One possible solution is to undo the patch by adding "permission
> java.security.AllPermission;" to the permissions of "tomcat-juli.jar"
> in 03catalina.policy.
>
>

well reverting the security update isn't the way I want to go. Is there either to go without the logging at all or a way to specifiy logging without granting permissions all

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Mon Jan 14 03:20:01 2008

This message: [ Message body ]
Next message: Johannes Graumann: "How about carrying this list on gmane?"
Previous message: Moritz Muehlenhoff: "Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities"
In reply to: chdh: "Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:55:14 EDT