geronimo-dev mailing list archives

From "Vamsavardhana Reddy (JIRA)" <j...@apache.org>
Subject [jira] Commented: (GERONIMO-3837) allowLinking Tomcat attribute in StandardContext not configurable through Geronimo
Date Mon, 11 Feb 2008 21:42:09 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-3837?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12567826#action_12567826 ]

Vamsavardhana Reddy commented on GERONIMO-3837:
-----------------------------------------------

http://tomcat.apache.org/tomcat-6.0-doc/config/context.html

If the value of this flag is true, symlinks will be allowed inside the web application, pointing
to resources outside the web application base path. If not specified, the default value of
the flag is false.

NOTE: This flag MUST NOT be set to true on the Windows platform (or any other OS which does
not have a case sensitive filesystem), as it will disable case sensitivity checks, allowing
JSP source code disclosure, among other security problems.

> allowLinking Tomcat attribute in StandardContext not configurable through Geronimo
> ----------------------------------------------------------------------------------
>
>                 Key: GERONIMO-3837
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3837
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Tomcat
>    Affects Versions: 2.0.2, 2.0.x, 2.1, 2.2
>         Environment: G 2.0.2 Tomcat on Linux
>            Reporter: Vamsavardhana Reddy
>            Assignee: Vamsavardhana Reddy
>             Fix For: 2.0.x, 2.1.1, 2.2
>
>
> Tomcat provides an allowLinking attribute in the StandardContext which, when set to true,
> will enable Tomcat running on the Linux platform to serve paths associated with symbolic links.
> Configuring this attribute through Geronimo is not currently possible. A link to a query posted
> on the user list is given below.
> http://www.mail-archive.com/user@geronimo.apache.org/msg08509.html

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
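
An added example, not part of the original message and not Geronimo or Tomcat code: a Python audit for the two risks the quoted Tomcat documentation names. Given a context descriptor and its docBase, it reports symlinks that resolve outside the web application base and probes whether the filesystem is case-insensitive. The function names and the sample tree are assumptions constructed for illustration; the probe briefly creates and removes a temporary file in the docBase.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

def allow_linking_enabled(context_xml):
    # The Tomcat 6 doc quoted above puts allowLinking on <Context>; default is false.
    root = ET.fromstring(context_xml)
    return any(e.get("allowLinking", "false").strip().lower() == "true" for e in root.iter())

def escaping_symlinks(doc_base):
    # Symlinks under doc_base whose resolved target lies outside the base path.
    base, found = os.path.realpath(doc_base), []
    for dirpath, dirs, files in os.walk(doc_base, followlinks=False):
        for name in dirs + files:
            path = os.path.join(dirpath, name)
            target = os.path.realpath(path)
            if os.path.islink(path) and os.path.commonpath([base, target]) != base:
                found.append((os.path.relpath(path, doc_base), target))
    return sorted(found)

def case_insensitive_fs(directory):
    # Probe: create a lowercase-named file, then look it up by its uppercase name.
    fd, path = tempfile.mkstemp(prefix="casechk", dir=directory)
    os.close(fd)
    try:
        return os.path.exists(os.path.join(directory, os.path.basename(path).upper()))
    finally:
        os.remove(path)

def audit(context_xml, doc_base):
    if not allow_linking_enabled(context_xml):
        return []
    findings = []
    if case_insensitive_fs(doc_base):
        findings.append("allowLinking=true on a case-insensitive filesystem")
    for link, target in escaping_symlinks(doc_base):
        findings.append(f"symlink {link} -> {target} leaves the web application base")
    return findings

def demo():
    # Constructed sample tree: one symlink stays inside the webapp, one points outside.
    with tempfile.TemporaryDirectory() as tmp:
        webapp, outside = os.path.join(tmp, "webapp"), os.path.join(tmp, "outside")
        os.makedirs(os.path.join(webapp, "docs"))
        os.makedirs(outside)
        for f in (os.path.join(webapp, "index.jsp"), os.path.join(outside, "shared.txt")):
            open(f, "w").close()
        os.symlink(os.path.join(webapp, "index.jsp"), os.path.join(webapp, "docs", "inner"))
        os.symlink(os.path.join(outside, "shared.txt"), os.path.join(webapp, "docs", "shared.txt"))
        return audit('<Context allowLinking="true"/>', webapp), audit('<Context/>', webapp)
```

Calling `demo()` returns the findings for the sample tree with the flag on and with it absent; only the link that leaves the webapp is reported, and nothing is reported when the flag is not set.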