Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
On Son, 2008-01-13 at 13:10 -0800, chdh wrote:
> > AccessControlException: access denied ... logging.properties read
>
> This is a consequence of the patch of /etc/tomcat5.5/policy.d/
> 03catalina.policy for CVE-2007-5342 (http://cve.mitre.org/cgi-bin/
> cvename.cgi?name=CVE-2007-5342).
>
> One possible solution is to undo the patch by adding "permission
> java.security.AllPermission;" to the permissions of "tomcat-juli.jar"
> in 03catalina.policy.
>
>
well reverting the security update isn't the way I want to go. Is there
either to go without the logging at all or a way to specifiy logging
without granting permissions all
Reply to: