
much tighter security on new box

 
Pat Farrell
Hi,

I've been deploying a Tomcat 5.5 app, JDK 1.5, and am getting a ton of security stops. This is on a fresh Debian Etch machine; I've run it on other Debian Etch systems, and can't figure out what is triggering the increased security.

Things like
by: java.security.AccessControlException: access denied (java.util.PropertyPermission user.home read)

when I try a simple 'System.getProperty("user.home")'

which have always worked.

Clearly something is setting up tighter security. Pointers to where this is will be greatly appreciated.

Thanks
Pat
 
Ben Souther
Did you download and install Tomcat from their site or was this a Debian package that came with your distro?

If the latter, whoever packaged it probably configured it to run under a security manager.
 
Pat Farrell
Don't know the answer, probably just apt-get from some Debian package repository.

Clearly the security is high. And while security is important, it's keeping me from even seeing if my code will run on this box.

I guess I need to figure out where it is turned on, loosen it for a bit, and get it working, then turn it secure, and track down stuff.
 
Ben Souther
You'll have to do some digging to see how Tomcat is being started.

At some point the -security flag is being set.
This flag causes tomcat to be run under a security manager configured in tomcat/conf/catalina.policy. Either alter catalina.policy to loosen restrictions as needed, or remove the flag from the script that is starting Tomcat.

I use RPM and Debian packages (apt-get) for a lot of things, but not Tomcat or Java. For Tomcat, I prefer to grab the most recent releases from http://tomcat.apache.org and keep the whole application in one directory.
I use the JDK from http://java.sun.com.
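
An added example, not part of the original thread: one way to take the "alter catalina.policy" route is to collect the denials from the Tomcat log and turn them into a grant scoped to a single web application. The sample log lines, the `myapp` path and the function names are constructed for illustration.

```python
import re

# Matches the message format shown in the thread:
#   access denied (java.util.PropertyPermission user.home read)
DENIED = re.compile(r"access denied \(([^()]+)\)")

# Constructed sample log lines (not taken from a real catalina.out).
SAMPLE_LOG = """\
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission user.home read)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission user.home read)
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
INFO: Server startup in 2134 ms
"""


def denied_permissions(log_text):
    """Return distinct (class, name, actions) tuples denied in the log, first-seen order."""
    seen = []
    for match in DENIED.finditer(log_text):
        parts = match.group(1).split()
        if len(parts) == 2:          # permission without actions
            perm = (parts[0], parts[1], None)
        elif len(parts) == 3:        # class, target name, actions
            perm = (parts[0], parts[1], parts[2])
        else:
            continue                 # target name contains spaces: ambiguous, review by hand
        if perm not in seen:
            seen.append(perm)
    return seen


def quote(value):
    """Escape backslashes and double quotes for a policy-file string literal."""
    return '"%s"' % value.replace("\\", "\\\\").replace('"', '\\"')


def policy_grant(code_base, perms):
    """Render one grant block limited to code_base, in catalina.policy syntax."""
    lines = ["grant codeBase %s {" % quote(code_base)]
    for cls, name, actions in perms:
        suffix = "" if actions is None else ", " + quote(actions)
        lines.append("    permission %s %s%s;" % (cls, quote(name), suffix))
    lines.append("};")
    return "\n".join(lines)


if __name__ == "__main__":
    # Hypothetical web application directory; adjust to the deployed app.
    print(policy_grant("file:${catalina.base}/webapps/myapp/-", denied_permissions(SAMPLE_LOG)))
```

Each generated line records an access the application attempted, so review it before pasting it into catalina.policy rather than granting everything the log lists.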
 
Pat Farrell
Found the line, it's in /etc/init.d/tomcat5.5

The line is


Change it to
 