geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Colasurdo <>
Subject Re: Geronimo JVM Configuration Portlet
Date Thu, 19 Jan 2006 15:46:45 GMT
Anyone who is managing their network from outside of the firewall really 
needs to be conscious of security exposures and should only allow access 
to the console with the ssl transport (https) and user authentication 
(hopefully with something other than system/manager).  We should add 
this to our security and admin console documentation.

I think the admin console should allow updates to JVM properties.. In 
fact, perhaps even add some input fields for some of the common 
parameters that Cristian mentioned in his original post.


Paul McMahan wrote:
> I definitely like the idea of adding this type of functionality to the 
> admin console.  A section of could be designated to JVM 
> variables settable via the admin console.  And by surrounding that 
> section with proper annotation we could probably avoid confusing the 
> user as to what gets set by whom and when.   However, my spidey sense 
> starts tingling when I think about accepting input from outside the 
> machine (and potentially outside the firewall) that is placed directly 
> into an script that may be executed with root/admin privileges.  No 
> matter how carefully we sanitize the input some clever person may figure 
> out some new fangled way to sneak a newline through or some such 
> mischief.  Perhaps there is a way to change (at least some of) the 
> properties of the JVM *after* it has been executed from the command 
> line?  But now we're back to allowing properties to be set in two places 
> again, doh!  :-)
> Best wishes,
> Paul
> On 1/18/06, *John Sisson* < 
> <>> wrote:
>     The startup script will execute a file if
>     it is present.  See the comments at the bottom of the comment header for
>     For example, the files can set the GERONIMO_OPTS
>     environment variable to change the JVM options.
>     We would want to avoid having two places that JVM options are configured
>     as that would be confusing and make Geronimo more difficult to support.
>     Maybe the console could have a page that allows you to
>     add/update/delete
>     environment variables, which results in the appropriate modifications to
>     the and setenv.bat files.  It would need to be careful with
>     updating/deleting environment variables, as a user may have inserted
>     some logic in the script before the environment variable is set (or the
>     environment variable could be in a number of places in the script due to
>     logic).  Maybe the console would need to detect whether the script has
>     anything other than the simple setting of environment variables and if
>     so, prevents you from editing it from the console.
>     It would be interesting to hear from others whether they think it is a
>     security issue allowing the console to edit bat/sh startup script files
>     (could malicious commands be inserted into the startup scripts).
>     John

View raw message