tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 8275] - ContextConfig.start() attempts to create a $CATALINA_BASE/temp/ directory
Date Thu, 18 Apr 2002 23:53:57 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8275>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8275

ContextConfig.start() attempts to create a $CATALINA_BASE/temp/ directory

dlr@finemaltcoding.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |VERIFIED



------- Additional Comments From dlr@finemaltcoding.com  2002-04-18 23:53 -------
I see, so that's where it was hiding.  ;-)

I can't guess why this issue wasn't encountered with our snapshot from
2002/01/24, but Glenn's CVS log for revision 1.4 of RUNNING.txt (2001/12/26)
provides a reasonable explanation:

JVM Temporary Directory (java.io.tmpdir property) security patch
----------------------------------------------------------------

The java.io.File.createTempFile() methods use the property
java.io.tmpdir for the location of the directory where the JVM
places temporary files.  If this property doesn't exist,
/tmp or /var/tmp gets used on unix systems or c:\\temp on WIN32 systems.

This default directory is the same directory that all applications
can use for temporary files.  Sharing the same system temporary
directory between Tomcat and other applications could be a security
risk if sensitive data is stored there by other applications.

If you run Tomcat with the SecurityManager enabled you would have to
grant Tomcat a FilePermission with read, write, and delete for the
temporary directory.

This series of patches enables the use of a temporary directory
located at $CATALINA_BASE/temp so that Tomcat's use of the temporary
directory is isolated from the rest of the system.

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message