registry team mailing list archive
-
registry team
-
Mailing list archive
-
Message #06998
[Bug 591802] Re: tomcat fails to start using a security manager
** Description changed:
Binary package hint: tomcat6
Using tomcat6 package version 6.0.24-2ubuntu, after editing
/etc/default/tomcat6 to set TOMCAT6_SECURITY=yes, Tomcat breaks on
startup with (in catalina.out):
Using CATALINA_BASE: /var/lib/tomcat6
Using CATALINA_HOME: /usr/share/tomcat6
Using CATALINA_TMPDIR: /tmp/tomcat6-tmp
Using JRE_HOME: /usr/lib/jvm/java-6-openjdk
Using CLASSPATH: /usr/share/tomcat6/bin/bootstrap.jar
Using Security Manager
Exception in thread "main" java.lang.ExceptionInInitializerError
- at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:171)
- at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:243)
- at org.apache.juli.logging.LogFactory.getLog(LogFactory.java:298)
- at org.apache.catalina.startup.Bootstrap.<clinit>(Bootstrap.java:55)
+ at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:171)
+ at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:243)
+ at org.apache.juli.logging.LogFactory.getLog(LogFactory.java:298)
+ at org.apache.catalina.startup.Bootstrap.<clinit>(Bootstrap.java:55)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission java.util.logging.config.class read)
- at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
- at java.security.AccessController.checkPermission(AccessController.java:553)
- at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
- at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302)
- at java.lang.System.getProperty(System.java:669)
- at org.apache.juli.logging.DirectJDKLog.<clinit>(DirectJDKLog.java:43)
- ... 4 more
+ at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
+ at java.security.AccessController.checkPermission(AccessController.java:553)
+ at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
+ at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302)
+ at java.lang.System.getProperty(System.java:669)
+ at org.apache.juli.logging.DirectJDKLog.<clinit>(DirectJDKLog.java:43)
+ ... 4 more
Could not find the main class: org.apache.catalina.startup.Bootstrap. Program will exit.
-
- The problem is that -Djava.security.policy is being set twice, firstly in /etc/init.d/tomcat6 to $CATALINA_BASE/work/catalina.policy (correct), secondly in /usr/share/tomcat6/bin/catalina.sh to $CATALINA_BASE/conf/catalina.policy (an invalid path). Unfortunately the second takes precedence, and so no policy file is actually used.
+ The problem is that -Djava.security.policy is being set twice, firstly
+ in /etc/init.d/tomcat6 to $CATALINA_BASE/work/catalina.policy (correct),
+ secondly in /usr/share/tomcat6/bin/catalina.sh to
+ $CATALINA_BASE/conf/catalina.policy (an invalid path). Unfortunately
+ the second takes precedence, and so no policy file is actually used.
To fix this, I suggest patching catalina.sh to change
'conf/catalina.policy' references to 'work/catalina.policy'. It would
also be good to remove the explicit setting of -Djava.security.manager
and -Djava.security.policy from the init.d script, since it is done
anyway in the init script. I've attached two patches for this.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: tomcat6 6.0.24-2ubuntu1
ProcVersionSignature: Ubuntu 2.6.32-22.33-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-22-generic i686
NonfreeKernelModules: nvidia
Architecture: i386
Date: Thu Jun 10 01:14:40 2010
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100427.1)
PackageArchitecture: all
ProcEnviron:
- PATH=(custom, user)
- LANG=en_US.utf8
- SHELL=/bin/bash
+ PATH=(custom, user)
+ LANG=en_US.utf8
+ SHELL=/bin/bash
SourcePackage: tomcat6
+
+ == SRU Report ==
+ Impact:
+ Regression for users of TOMCAT6_SECURITY=yes, that won't work after upgrading to Lucid.
+
+ Development branch fix:
+ 6.0.26-4 has this fix, and a sync request to 6.0.26-5 was filed (bug 599265)
+
+ Minimal patch:
+ See attached at comment 9.
+
+ TEST CASE:
+ $ sudo apt-get install tomcat6
+ $ sudo sed -i "s/#TOMCAT6_SECURITY=no/TOMCAT6_SECURITY=yes/" /etc/default/tomcat6
+ $ sudo service tomcat6 restart
+ Affected = FAIL
+ Fixed = PASS
+
+ Regression potential:
+ The patch only affects the options used when TOMCAT6_SECURITY=yes, and the current duplicated options prevent it from working completely.
** Attachment added: "Minimal SRU patch"
http://launchpadlibrarian.net/51412745/patch
--
tomcat fails to start using a security manager
https://bugs.launchpad.net/bugs/591802
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Debian.