Jean-Francois Arcand wrote:
> Hi,
>
> testing package protection, I have come to the following conclusion:
>
> Packages that we can protect against access
> ----------------------------------------------
> o.a.catalina
> o.a.jasper
> o.a.jsp
> o.a.jk
>
> Packages that we can protect against definition
> ----------------------------------------------
> o.a.catalina
> o.a.jasper
> o.a.jsp
> o.a.jk
> o.a.coyote
>
> Packages that could be protected, but need to change:
> -------------------------------------------------------
> o.a.naming

Naming is designed to be secure as is, and shouldn't need protection.
The implementations are protected by facades which have no useful methods for an attacker.

> o.a.coyote
> o.a.tomcat.util

I think this is safe too.
I don't think being paranoid would be very useful given that there are facades which are supposed to get the job done. Of course, I'm not the one making the audit, so I don't know for sure.

> If we decide to fully protect o.a.coyote, that means that every call to
> CoyoteRequestFacade and CoyoteResponseFacade will need to run under a
> doPrivileged block (every call that uses o.a.tomcat.util). Then
> o.a.tomcat.util could be protected (only if o.a.coyote is).
>
> I made a wrong recommendation last week when I said that o.a.coyote can be
> protected (rule #1: test using the jakarta workspace, not with your local
> workspace). Testing with a basic servlet proved the contrary (see 4.1.13
> release notes....guilty!).
>
> I've committed in both Tomcat 4 and 5 the proper protection configuration.
>
> I would like to have recommendations on which packages should be
> protected. Based on the list, I will audit the packages that stay unprotected.
Remy
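The facade-plus-doPrivileged pattern discussed in this thread, as an added example that is not part of the original messages and is not Tomcat's code. The class names `InternalRequest` and `RequestFacadeExample` are hypothetical; `package.access`, `SecurityManager` and `AccessController.doPrivileged` are the standard Java mechanisms, which recent JDKs deprecate.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.Security;

// Hypothetical internal class: imagine it lives in a package listed in the
// package.access security property, so webapp code may not load it directly.
final class InternalRequest {
    private final String rawUri;
    InternalRequest(String rawUri) { this.rawUri = rawUri; }

    // Stands in for work that reaches into a second protected package.
    String decodedUri() { return rawUri.replace("%20", " "); }
}

// Hypothetical facade: the only object handed to untrusted webapp code.
// It exposes no accessor that returns the internal object itself.
@SuppressWarnings("removal") // SecurityManager APIs are deprecated in recent JDKs
public final class RequestFacadeExample {
    private final InternalRequest request;

    RequestFacadeExample(InternalRequest request) { this.request = request; }

    public String getRequestURI() {
        if (System.getSecurityManager() == null) {
            return request.decodedUri(); // no sandbox: plain call
        }
        // With a security manager, the permission check walks the whole call
        // stack, including the webapp's frame, which lacks the
        // accessClassInPackage permission. doPrivileged stops the walk at the
        // facade, so only the container's own permissions are consulted.
        return AccessController.doPrivileged(
            (PrivilegedAction<String>) () -> request.decodedUri());
    }

    public static void main(String[] args) {
        // Prefixes here are what checkPackageAccess() guards; the sibling
        // property package.definition guards defining classes in a package.
        System.out.println("package.access     = " + Security.getProperty("package.access"));
        System.out.println("package.definition = " + Security.getProperty("package.definition"));

        RequestFacadeExample facade =
            new RequestFacadeExample(new InternalRequest("/app/hello%20world")); // constructed sample input
        System.out.println(facade.getRequestURI()); // the webapp sees only a String
    }
}
```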