tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Glenn Nielsen <gl...@voyager.apg.more.net>
Subject Re: Logging separation
Date Thu, 27 Jun 2002 00:07:18 GMT
costinm@covalent.net wrote:
> 
> On Wed, 26 Jun 2002, Ceki Gülcü wrote:
> 
> > A difficulty I encountered while implementing the solution outlined in
> > http://qos.ch/containers/sc.html is the difference of TCL while the the
> > static class initializer of a servlet class is executed and the TCL while a
> > servlet is running. There are two distinct TCLs. (I've tried this on Tomcat 3).
> 
> That's very strange - Jdk12Interceptor is setting the TCL before
> init/destroy/service, and it should be the same.
> 
> What code are you using ?
> 
> Regarding the document - it looks great. One missing part is how the
> JMX part of log4j will name it's objects ( i.e. the Hierarchy must
> have a name ). The container should be able to set this name when
> it creates the hierarchy ( with  "vhost:/cpath" for example ).
> 
> BTW, I will try to implement this at the coyote level, since this
> is likely to be usefull for 3.3, 4.x and 5.0. It will require
> the ADD_CONTEXT callback to work ( that's needed for jk autoconf
> anyway ), and probably few other small changes.
> 
> One important issue not covered in the document - the possible
> interaction with the sandbox. If log4j is in the common path,
> it'll probably have high permissions. I assume you don't use
> doPriviledged() in the code, but you probably use some
> queue or similar code - and that may potentially get code to
> be executed with the container permissions, possibly
> allowing untrusted servlets to do bad things.
> 
> On the same line, it is very likely log4j will not work
> in the sandbox without a doPriviledged() unless the webapps
> have write permission to log/.
> 
> Glenn is much better at explaining all this - but it's a serious
> issue.

I like Ceki's proposal.  And once the supporting code is in Tomcat I can
run the code with strict permissions and evaluate what changes are
needed so that it works well with the Java SecurityManager.

Regards,

Glenn

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message