tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Remy Maucherat" <r...@apache.org>
Subject Re: [PROPOSAL] Tomcat 4.1 Security Changes
Date Mon, 26 Nov 2001 17:28:08 GMT
> Remy Maucherat wrote:

> > If you give the appropriate permissions to allow SSI and CGI, you're
> > actually giving AllPermissions anyway (since you're allowing a native
script
> > or executable to run, which is not constrained by the Java sandbox), so
I'm
> > missing the point here.
> >
>
> Yes, once control is handed over to a native executable from the CGI
servlet,
> all sandbox protections are lost.
> But perhaps the Tomcat admin only wants to allow the user to execute
specific CGI
> scripts which are known to be secure and can not be modified. By
configuring a
> policy for the CGI servlet the admin can restrict what CGI scripts can be
> read and executed using a FilePermission.

Yes, you could do that. That's still quite risky (any vulnerability in the
script itself, and your server is compromised).

> > This seems reasonable.
> > (Of course, it's going to break all the scripts yet again ;-))
>
> Which scripts?

- The Catalina scripts (obviously)
- The installer scripts
- My Slide build script

But it's ok, really. It's not like it's the first time or the last time it
happens ;-)
You can do the updates to the Catalina scripts, and I'll do the rest.

Remy


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message