IMO sealing is the best protection against insertion,
and using URLClassLoader ( or making sure all the checks from
URLClassLoader are reproduced ).
I agree, this is a potential risk - as untrusted code may access
package fields. So far I don't see any, but better to be sure.
Costin
Jean-Francois Arcand wrote:
> HI,
>
> is somebody aware why package org.apache.coyote.* and
> org.apache.tomcat.* are not protected againts package insertion/access
> in Catalina.java. What is the reasons? Actually, classes are not
> available to a Webapp (the Classloader is taking care of it) but when
> Tomcat is embedded in an app container (or when there is a special
> Classloader), those classes are available :-(
>
> Actually, we only protect the following package:
>
> if( System.getSecurityManager() != null ) {
> String access = Security.getProperty("package.access");
> if( access != null && access.length() > 0 )
> access += ",";
> else
> access = "sun.,";
> Security.setProperty("package.access",
> access + "org.apache.catalina.,org.apache.jasper.");
> String definition =
> Security.getProperty("package.definition"); if( definition !=
> null && definition.length() > 0 )
> definition += ",";
> else
> definition = "sun.,";
> Security.setProperty("package.definition",
> // FIX ME package "javax." was removed to prevent HotSpot
> // fatal internal errors
> definition +
> "java.,org.apache.catalina.,org.apache.jasper.");
> }
>
> Thanks,
>
> -- Jeanfrancois
--
Costin
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
