Security manager is too restrictive by default.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tomcat5.5 (Debian) |
Invalid
|
Undecided
|
Unassigned | ||
tomcat5.5 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: tomcat5.5
If we want to use the default Ubuntu packaging of Tomcat 5.5 server, we need to have less restrictive access on webapps folder and the shared/lib folder.
The Tomcat 5.5 server is launched by the tomcat5 user, so even if these restrictions are less important, the system will still be protected.
Indeed, it's a real hell today to install an web application which needs to right its log file /var/log/<appname>, simply because the security manager is too restrictive. New Tomcat users needs many times before finding the /etc/tomcat5.
So I hope that the providen patch will be applied on the /etc/tomcat5.
Changed in tomcat5.5: | |
status: | Unknown → Fix Committed |
Changed in tomcat5.5: | |
status: | Fix Committed → Fix Released |
I added a Debian bug that is about same/similar subject. You should probably send the patch directly there for a review and possible inclusion.