Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities

To: debian-security <debian-security@lists.debian.org>
Subject: Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
From: Nihil <nihil@nanihil.com>
Date: Mon, 14 Jan 2008 09:17:44 +0100
Message-id: <[🔎] 1200298664.2795.10.camel@localhost>
In-reply-to: <[🔎] 64ac5984-da1f-4825-8035-49aac7235b8a@v29g2000hsf.googlegroups.com>
References: <20080103215449.GA12756@galadriel.inutil.org> <[🔎] 1199525586.8906.7.camel@localhost> <[🔎] 64ac5984-da1f-4825-8035-49aac7235b8a@v29g2000hsf.googlegroups.com>

On Son, 2008-01-13 at 13:10 -0800, chdh wrote:
> > AccessControlException: access denied ... logging.properties read
> 
> This is a consequence of the patch of /etc/tomcat5.5/policy.d/
> 03catalina.policy for CVE-2007-5342 (http://cve.mitre.org/cgi-bin/
> cvename.cgi?name=CVE-2007-5342).
> 
> One possible solution is to undo the patch by adding "permission
> java.security.AllPermission;" to the permissions of "tomcat-juli.jar"
> in 03catalina.policy.
> 
> 
well reverting the security update isn't the way I want to go. Is there
either to go without the logging at all or a way to specifiy logging
without granting permissions all

Reply to:

References:
- Re: [SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
  - From: Nihil <nihil@nanihil.com>
- Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
  - From: chdh <chdh@inventec.ch>

Prev by Date: Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
Next by Date: How about carrying this list on gmane?
Previous by thread: Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
Next by thread: Re: [SECURITY] [DSA 1448-1] New eggdrop packages fix execution of arbitrary code
Index(es):
- Date
- Thread