tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 4138] - HttpProcessor threads have inconsistent ClassLoader state
Date Sat, 13 Oct 2001 00:14:19 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=4138>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=4138

HttpProcessor threads have inconsistent ClassLoader state





------- Additional Comments From ruvinsky@yahoo.com  2001-10-12 17:14 -------
Remy, thanks for such a prompt response!  This is not a pressing issue for me,
but I thought I would report it anyway.  The reason why I suspect that it seems
like a security issue is that there are moments in time that an HttpProcessor
thread has a WebappClassLoader attached to it that belongs to the context
associated with the previous request.  If a new class needed to be loaded by the
HttpProcessor, for example, the previous context's WebappClassLoader would first
try to load it, then pass the load request to its parent ClassLoader.  If that
webapp happened to have that class (yes, a remote chance), it is possible for
the WebappClassLoader to load it from the webapp itself.  Please let me know if
I can further clarify.  Thanks.

Mime
View raw message