tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cmanola...@yahoo.com
Subject Security: printStackTrace :-)
Date Mon, 14 Aug 2000 19:22:58 GMT
If you remember the goal is to provide real security to tomcat, and 
that requires a lot of work and review before we can trust that a web 
application can do no harm in the same way an applet can't ( or
shouldn't).

One big problem was the recycling - there is a fix and I'll implement it
asap. ( the problem: a servlet can hold a reference to the
HttpServletRequest and read the request from other unrelated webapps).

A second problem: 

In Logger we do a printStackTrace for the original exception ( can be
ServletException ) and also on the "rootCause" exception ( using
getRootCause). This is a very useful information and feature, but it may
open a wrong door.

A web app may define a new Exception and redefine
printStackTrace() method. The method do display the exception is invoked
from ContextManager - so runs with webapp.jar priviledges. That mean an
un-trusted app might get more rights that it should.

We need to check if this is correct ( i.e. if this happens or the security
manager will run as untrusted if it detect untrusted code in the call
path, even if the original caller is trusted ) and if so to disable it.

Costin
( with a hacker hat )



Mime
View raw message