geronimo-user mailing list archives

From Paul McMahan <paulmcma...@gmail.com>
Subject Re: Geronimo JVM Configuration Portlet
Date Thu, 19 Jan 2006 14:33:53 GMT
I definitely like the idea of adding this type of functionality to the admin
console.  A section of setenv.sh/bat could be designated to JVM variables
settable via the admin console.  And by surrounding that section with proper
annotation we could probably avoid confusing the user as to what gets set by
whom and when.   However, my spidey sense starts tingling when I think about
accepting input from outside the machine (and potentially outside the
firewall) that is placed directly into a script that may be executed with
root/admin privileges.  No matter how carefully we sanitize the input some
clever person may figure out some newfangled way to sneak a newline through
or some such mischief.  Perhaps there is a way to change (at least some of)
the properties of the JVM *after* it has been executed from the command
line?  But now we're back to allowing properties to be set in two places
again, doh!  :-)

Best wishes,
Paul



On 1/18/06, John Sisson <jrsisson@gmail.com> wrote:
>
> The geronimo.sh/bat startup script will execute a setenv.sh/bat file if
> it is present.  See the comments at the bottom of the comment header for
> geronimo.sh/bat.
>
> For example, the setenv.sh/bat files can set the GERONIMO_OPTS
> environment variable to change the JVM options.
>
> We would want to avoid having two places that JVM options are configured
> as that would be confusing and make Geronimo more difficult to support.
>
> Maybe the console could have a page that allows you to add/update/delete
> environment variables, which results in the appropriate modifications to
> the setenv.sh and setenv.bat files.  It would need to be careful with
> updating/deleting environment variables, as a user may have inserted
> some logic in the script before the environment variable is set (or the
> environment variable could be in a number of places in the script due to
> logic).  Maybe the console would need to detect whether the script has
> anything other than the simple setting of environment variables and if
> so, prevent you from editing it from the console.
>
> It would be interesting to hear from others whether they think it is a
> security issue allowing the console to edit bat/sh startup script files
> (could malicious commands be inserted into the startup scripts).
>
> John
>
>
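
Added example (not from the thread or from Geronimo's code): one way a console could write GERONIMO_OPTS into a marked section of setenv.sh, rejecting any option outside an allowlist and refusing to edit when the section markers are damaged. The marker text, the option patterns and the function names are assumptions made for illustration.

```python
import re
import shlex

# Hypothetical marker lines delimiting the section the console owns.
BEGIN = "# >>> console-managed JVM options: do not edit by hand >>>"
END = "# <<< console-managed JVM options <<<"

# Allowlist of option shapes (an assumption; extend as needed):
#   -Xms512m  -XX:+UseParallelGC  -XX:MaxPermSize=128m  -Dname=value
OPTION = re.compile(
    r"-(?:X[a-z]{2}\d+[kKmMgG]?"
    r"|XX:[+-]?[A-Za-z]+(?:=[\w.]+)?"
    r"|D[\w.]+=[\w./:@-]*)",
    re.ASCII,
)

def validate_option(opt):
    # fullmatch, not match() with "$": "$" also matches just before a
    # trailing newline, which is exactly the input that must be rejected.
    if not OPTION.fullmatch(opt):
        raise ValueError(f"rejected JVM option: {opt!r}")
    return opt

def render_block(options):
    value = " ".join(validate_option(o) for o in options)
    # Second layer: quote the value so the shell treats it as pure data.
    return [BEGIN, f"GERONIMO_OPTS={shlex.quote(value)}",
            "export GERONIMO_OPTS", END]

def update_setenv(text, options):
    """Return new setenv.sh text with only the managed section replaced."""
    lines = text.splitlines()
    block = render_block(options)
    begins, ends = lines.count(BEGIN), lines.count(END)
    if begins == 0 and ends == 0:
        lines += block                      # first use: append the section
    elif begins == 1 and ends == 1 and lines.index(BEGIN) < lines.index(END):
        start, end = lines.index(BEGIN), lines.index(END)
        lines[start:end + 1] = block        # hand-written lines untouched
    else:
        raise ValueError("managed section markers damaged; refusing to edit")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    existing = "#!/bin/sh\nJAVA_HOME=/opt/java\n"   # constructed sample
    print(update_setenv(existing, ["-Xmx512m", "-Dfoo=bar"]))
```

Validation and quoting are independent layers here: the allowlist keeps newlines and shell metacharacters out, and the quoting keeps the value inert even if the allowlist is later loosened.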
