Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 257376 - www-servers/tomcat-6.0.18-r2 overwrites sensitive Files in webapps/ROOT
Summary: www-servers/tomcat-6.0.18-r2 overwrites sensitive Files in webapps/ROOT
Status: RESOLVED DUPLICATE of bug 180519
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: AMD64 Linux
: High major (vote)
Assignee: Java team
Depends on:
Reported: 2009-02-02 12:21 UTC by Phillip Merensky
Modified: 2009-02-02 18:04 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Phillip Merensky 2009-02-02 12:21:58 UTC
The Ebuild silently overwrites ROOT/WEB-INF/web.xml, ROOT/favicon.ico and maybe other files in a ROOT application. 

Reproducible: Always

Steps to Reproduce:
1. Install Tomcat 6 with a ROOT Web application present 
2. web.xml and favicon.ico will be overwritten

Actual Results:  
This is very dangerous, because your ROOT web application will not work any longer if your  ROOT/WEB-INF/web.xml is different than the default one (which it obviously is in most cases).

Expected Results:  
The Ebuild must check if webapps/ROOT ist present and skip the copying if it is (see attachment).

I am currently working on a solution which will be attached to this bug in the next hours.
Comment 1 Marijn Schouten (RETIRED) gentoo-dev 2009-02-02 12:32:58 UTC
simply list the files in CONFIG_PROTECT?
Comment 2 Phillip Merensky 2009-02-02 13:03:13 UTC
This would be a solution for me personally. But in my opinion the ebuild should do this for the default webapps location. 
As I am new to Ebuild writing I do not know if there is a possibility to update CONFIG_PROTECT from an ebuild.
Sensitive Files should not be overwritten automatically. Or am I wrong here?
Comment 3 Phillip Merensky 2009-02-02 13:50:29 UTC
Maybe 254526 would be the solution?
Comment 4 Mike Weissman 2009-02-02 15:42:19 UTC
This is a duplicate of bug#180519

I have been testing a fix for this in [java-experimental] tomcat-r4 has the fix.


Does NOT contain the fix this this, that bug is dedicate for configuration for Netbeans. 

Comment 5 Alistair Bush (RETIRED) gentoo-dev 2009-02-02 18:04:23 UTC
If its a dup,  lets close it as one.

*** This bug has been marked as a duplicate of bug 180519 ***