glenn 01/12/25 17:21:24
Modified: . README.txt RUNNING.txt
Log:
JVM Temporary Directory (java.io.tmpdir property) security patch
----------------------------------------------------------------
The java.io.File.createTempFile() methods use the property
java.io.tmpdir for the location of the directory where the JVM
places temporary files. If this property doesn't exist,
/tmp or /var/tmp gets used on unix systems or c:\\temp on WIN32 systems.
This default directory is the same directory that all applications
can use for temporary files. Sharing the same system temporary
directory between Tomcat and other applications could be a security
risk if sensitive data is stored there by other applications.
If you run Tomcat with the SecurityManager enabled you would have to
grant Tomcat a FilePermission with read, write, and delete for the
temporary directory.
This series of patches enables the use of a temporary directory
located at $CATALINA_BASE/temp so that Tomcat's use of the temporary
directory is isolated from the rest of the system.
Revision Changes Path
1.19 +3 -1 jakarta-tomcat-4.0/README.txt
Index: README.txt
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/README.txt,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- README.txt 2001/11/19 14:36:58 1.18
+++ README.txt 2001/12/26 01:21:23 1.19
@@ -1,4 +1,4 @@
-$Id: README.txt,v 1.18 2001/11/19 14:36:58 glenn Exp $
+$Id: README.txt,v 1.19 2001/12/26 01:21:23 glenn Exp $
The Tomcat 4.0 Servlet/JSP Container
====================================
@@ -31,6 +31,8 @@
included with Tomcat 4.0
work/ Scratch directory used by Tomcat for holding
temporary files and directories
+ temp/ Directory used by JVM for temporary files
+ (java.io.tmpdir)
If you wish to build the Tomcat server from a source distribution,
please consult the documentation in "BUILDING.txt".
1.4 +3 -1 jakarta-tomcat-4.0/RUNNING.txt
Index: RUNNING.txt
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/RUNNING.txt,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- RUNNING.txt 2001/12/01 07:35:46 1.3
+++ RUNNING.txt 2001/12/26 01:21:24 1.4
@@ -1,4 +1,4 @@
-$Id: RUNNING.txt,v 1.3 2001/12/01 07:35:46 remm Exp $
+$Id: RUNNING.txt,v 1.4 2001/12/26 01:21:24 glenn Exp $
Running The Tomcat 4.0 Servlet/JSP Container
@@ -120,6 +120,8 @@
* webapps - Automatically loaded web applications
* work - Temporary working directories for web applications
+
+* temp - Directory used by the JVM for temporary files (java.io.tmpdir)
If you do not set CATALINA_BASE to an explicit value, it will be initialized
to the same value as is set for CATALINA_HOME (which means that the same
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
