Your message dated Thu, 26 Jul 2012 19:22:24 -0430 with message-id <20120726235224.ga18...@valeria.miguel.cc> and subject line Re: Syntax error in catalina.sh -security: java.security.policy== has caused the Debian Bug report #681971, regarding Syntax error in catalina.sh -security: java.security.policy== to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 681971: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681971 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: tomcat6-common Version: 6.0.35-1 Severity: grave Tags: security /usr/share/tomcat6/bin/catalina.sh line 276 reads -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \ The double = looks like a mistake. When running with -security, the policy will not get loaded. Admittedly, I haven't tested it here, but I figured I should still file a bug because this just looks too obvious. If the second = is on purpose there, some comment should document that. Affected are both squeeze and unstable/testing. Christoph -- c...@df7cb.de | http://www.df7cb.de/
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---On Wed, Jul 18, 2012 at 11:34:24AM +0200, Christoph Berg wrote: > /usr/share/tomcat6/bin/catalina.sh line 276 reads > > -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \ > > The double = looks like a mistake. When running with -security, the > policy will not get loaded. > > Admittedly, I haven't tested it here, but I figured I should still > file a bug because this just looks too obvious. If the second = is on > purpose there, some comment should document that. Hi Christoph, This doesn't look like a mistake to me. In the documentation about Policy Files[1], at the subsection "Specifying an Additional Policy File at Runtime" this setting is described. "If you use java -Djava.security.manager -Djava.security.policy==someURL SomeApp (note the double equals) then just the specified policy file will be used; all the ones indicated in the security properties file will be ignored." Cheers, 1. http://docs.oracle.com/javase/6/docs/technotes/guides/security/PolicyFiles.html -- Miguel Landaeta, miguel at miguel.cc secure email with PGP 0x6E608B637D8967E9 available at http://keyserver.pgp.com/ "Faith means not wanting to know what is true." -- Nietzsche
Description: Digital signature
--- End Message ---
