Message-ID: <3AC9014D.3016924E@voyager.apg.more.net>
Date: Mon, 02 Apr 2001 17:46:37 -0500
From: Glenn Nielsen
Reply-To: tomcat-dev@jakarta.apache.org
To: tomcat-dev@jakarta.apache.org
Subject: Re: CGI support servlet (TC 4) -- feedback wanted

"Craig R. McClanahan" wrote:
>
> On Mon, 2 Apr 2001, Amy Roh wrote:
>
> > Hi Martin,
> >
> > See comments below.
> >
> > Martin Dengler wrote:
> > >
> > > 2) Addition to default context
> > >
> > > Would this CGI servlet be added to the default context similar to
> > > SsiInvokerServlet?
> >
> > Yes.
> >
>
> I would suggest that we do this, but leave it commented out.  The reason
> is that the potential for mischief is *much* larger when we are talking
> about executing outside programs instead of just displaying content back
> to a web browser.  I vote for making the Tomcat sysadmin have to enable
> this feature explicitly if they want it.
>
> Once we implement the #exec functionality in SSI, the same argument would
> apply here -- unless we added a config option to disable the #exec by
> default but left everything else alone.
>
> An alternative (possibly additional) approach would be to tweak the
> security manager properties so that executing external programs is *not*
> allowed by default.  That way, we could leave these two servlets defined
> in the conf/web.xml file, but they won't be able to cause damage.
>

I agree that SSI and CGI should not be enabled by default.

Setting security policies for use by the SecurityManager is based on
the codebase (jar file) the class is loaded from.  Catalina and Jasper
need more permissions than a web application.  To enable the ability for
fine-grained security policies, servlets would need to be packaged in their
own jar files.  I can see having webdav, ssi, cgi, and manager servlets
broken out with each one having their own jar file so different security
policies can be set for each servlet.

Regards,

Glenn

----------------------------------------------------------------------
Glenn Nielsen             glenn@more.net | /* Spelin donut madder    |
MOREnet System Programming               |  * if iz ina coment.      |
Missouri Research and Education Network  |  */                       |
----------------------------------------------------------------------
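
The per-jar policy discussed in this message could look like the policy file below. It is an added illustration, not part of the original message and not Tomcat's own configuration; the jar names, directory paths and the use of the `catalina.home` property are assumptions.

```java
// Java policy-file syntax, as read by the default SecurityManager policy.
// All jar names and paths below are hypothetical.

// Coarse layout, shown commented out for comparison: every container servlet
// lives in one jar, so the permission the CGI servlet needs is also held by
// the SSI, WebDAV and manager servlets.
//
// grant codeBase "file:${catalina.home}/server/lib/servlets-all.jar" {
//     permission java.io.FilePermission "<<ALL FILES>>", "read,execute";
// };

// Fine-grained layout: one jar per servlet, one grant per codeBase.
grant codeBase "file:${catalina.home}/server/lib/servlets-cgi.jar" {
    // Only the CGI servlet may start external programs, and only programs
    // located directly in one directory ("*" does not recurse).
    permission java.io.FilePermission
        "${catalina.home}/webapps/ROOT/WEB-INF/cgi/*", "read,execute";
};

grant codeBase "file:${catalina.home}/server/lib/servlets-ssi.jar" {
    // SSI may read files to include. There is no "execute" action, so an
    // #exec directive ends in an AccessControlException.
    permission java.io.FilePermission "${catalina.home}/webapps/-", "read";
};

grant codeBase "file:${catalina.home}/server/lib/servlets-webdav.jar" {
    // WebDAV needs to modify content but never to run it.
    permission java.io.FilePermission
        "${catalina.home}/webapps/-", "read,write,delete";
};

// Web application code: read access to deployed content, nothing more.
grant codeBase "file:${catalina.home}/webapps/-" {
    permission java.io.FilePermission "${catalina.home}/webapps/-", "read";
};
```

An access check takes the intersection of the permissions of every codebase on the call stack, so the container code that invokes these servlets must hold the same permissions, or the servlet must perform the sensitive call inside `AccessController.doPrivileged`.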