| Summary: | Better handling of Manager.randomFile default value on Windows | | |
|---|---|---|---|
| Product: | Tomcat 6 | Reporter: | Konstantin Kolinko <knst.kolinko> |
| Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | | |
| Priority: | P2 | | |
| Version: | 6.0.35 | | |
| Target Milestone: | default | | |
| Hardware: | PC | | |
| OS: | Windows XP | | |
| Attachments: | 2012-09-05_tc6_53830.patch, 2012-09-05_tc6_53830_v2.patch, 2012-09-05_tc55_53830_v2.patch | | |

Description
Konstantin Kolinko
2012-09-05 08:07:20 UTC
Created attachment 29329
2012-09-05_tc6_53830.patch
Patch for Tomcat 6
Created attachment 29330
2012-09-05_tc6_53830_v2.patch
Corrected patch.
1) Properly close old randomIS stream when setRandomFile() is called at runtime to replace the random file.
2) Documentation: The attribute is now documented both for StandardManager and for PersistentManager.
Created attachment 29331
2012-09-05_tc55_53830_v2.patch
Patch for Tomcat 5.5
RE: documentation of the attribute name, Jeffrey reported that setting the "randomFile" attribute on the <Manager> had no effect: /dev/urandom was still used. I'm not sure why that was (it could have been a misconfiguration), but please check that setting "randomFile" actually has an effect.

(In reply to comment #4)
> RE: documentation of the attribute name, Jeffrey reported that setting the
> "randomFile" attribute on the <Manager> had no effect: /dev/urandom was
> still used. I'm not sure why that was (it could have been a
> misconfiguration), but please check that setting "randomFile" actually has
> an effect.

Regarding 6.0.35:
I do not know why it did not work for Jeffrey.
http://markmail.org/message/4zfhs6fii6vb7pf4

a) A known issue is that if the value is a non-existent file, then in 6.0.35 setting the value would not have much effect. ManagerBase silently accepts the file name and then it will try to reopen it, like it does with the default value of /dev/urandom.

Anyway, whether the value was set can be confirmed via JMX.

b) Maybe a typo, or it was set in a wrong place?

For 6.0.35 and earlier running on Windows I would suggest to set randomFile attribute to point to an existing file, containing 8 bytes.

The initial 8 bytes are read during readLong() call in setRandomFile(). Having a non-empty file avoids logging an IOException there. An attempt to read more bytes in ManagerBase#getRandomBytes() will result in IOException, which will be caught and will set the devRandomSource field to null.

Using a longer file is not recommended, as it will affect the randomness of session ids.

Regarding 6.0 + patch, I tested setting the value
a) Using JMX
b) In conf/context.xml:

    <Manager randomFile="${catalina.base}/conf/server.xml"/>

In conf/logging.properties:

    org.apache.catalina.session.ManagerBase.level=FINE

In logs/catalina.2012-09-05.log the following is logged:

    05.09.2012 22:45:17 org.apache.catalina.session.ManagerBase doSetRandomFile
    FINE: Opening C:\[redacted]/conf/server.xml

Fixed in 5.5.x and will be included in 5.5.36 onwards.

Fixed in 6.0.x and will be included in 6.0.36 onwards.
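
The 6.0.35 workaround discussed in the comments above (an 8-byte file consumed by readLong(), then a failed read that drops the file source) and the warning about longer files, as an added stand-alone model. This is not Tomcat's ManagerBase code and not part of the original report; the class RandomFileModel, the helper firstBytes, the use of readFully() and the temp files are assumptions made for illustration.

```java
import java.io.*;
import java.nio.file.*;
import java.security.SecureRandom;
import java.util.Arrays;

// Simplified model of the behaviour described in the comments; NOT Tomcat's ManagerBase code.
public class RandomFileModel implements Closeable {
    private DataInputStream randomIS;                        // models the randomIS stream
    private final SecureRandom fallback = new SecureRandom();

    RandomFileModel(Path randomFile) throws IOException {
        randomIS = new DataInputStream(Files.newInputStream(randomFile));
        randomIS.readLong();                                 // initial 8 bytes, as in setRandomFile()
    }

    void getRandomBytes(byte[] bytes) {
        if (randomIS != null) {
            try {
                randomIS.readFully(bytes);                   // EOFException once the file runs out
                return;                                      // bytes came straight from the file
            } catch (IOException e) {
                close();                                     // drop the file source for good
            }
        }
        fallback.nextBytes(bytes);                           // SecureRandom takes over
    }

    @Override public void close() {
        try { if (randomIS != null) randomIS.close(); } catch (IOException ignored) { }
        randomIS = null;
    }

    // Hypothetical helper: the first 16 bytes a fresh instance ("a fresh JVM start") hands out.
    static byte[] firstBytes(Path file) throws IOException {
        byte[] out = new byte[16];
        try (RandomFileModel m = new RandomFileModel(file)) { m.getRandomBytes(out); }
        return out;
    }

    public static void main(String[] args) throws IOException {
        Path eight = Files.createTempFile("rand8-", ".bin");
        Path longer = Files.createTempFile("rand64-", ".bin");
        Files.write(eight, new byte[8]);                     // constructed: exactly 8 bytes
        Files.write(longer, new byte[64]);                   // constructed: 64 static bytes
        System.out.println("8-byte file, repeat:  " + Arrays.equals(firstBytes(eight), firstBytes(eight)));
        System.out.println("64-byte file, repeat: " + Arrays.equals(firstBytes(longer), firstBytes(longer)));
        Files.delete(eight); Files.delete(longer);
    }
}
```

With the 8-byte file every fresh instance falls through to SecureRandom, so the two results differ; with the 64-byte file each fresh instance returns the same static file bytes, which is the effect on session id randomness the comment warns about.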