tomcat-dev mailing list archives

From Jerome "Lacoste (Frisurf)" <lacos...@frisurf.no>
Subject Re: cvs commit: jakarta-tomcat-connectors/jk/xdocs/jk workershowto.xml
Date Fri, 03 Jan 2003 14:47:52 GMT

On Fri, 2003-01-03 at 12:52, Tim Funk wrote:
> wname is the worker name. This name is the name of the worker as defined 
> in the JK property config file. Eg:
> 
> worker.tomcat1.host=localhost
>         ^^^^^^^
> 
> For example above: tomcat1 is the worker name.
> 
> If someone were to attempt a buffer overflow, they would need write 
> access to the Jk config file. (Then have enough permission/patience 
> until apache is restarted).

That's what I was thinking of. Bad permissions on the file can create a
risk. It is not likely, but that is one way of getting bigger
privileges. Of course that would mean the admin runs tomcat as root in
order to be exploitable.

> I do not think this is a problem (except for the admin of the box).

OK.


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>
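
An added example, not part of the original message or of the JK connector code: a Python audit for the condition discussed in this thread, flagging a JK properties file that is writable by group or other and any worker name longer than a limit. The 64-character limit, the function names and the sample file contents are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

MAX_NAME = 64  # assumed limit for illustration, not the connector's real buffer size
# Matches worker.<name>.<property>=value; worker.list=... has no <name> part.
WORKER_LINE = re.compile(r"^\s*worker\.([^.=\s]+)\.[^=\s]+\s*=")

def worker_names(text):
    """Return the distinct worker names found in a JK properties file."""
    names = []
    for line in text.splitlines():
        m = WORKER_LINE.match(line)
        if m and m.group(1) not in names:
            names.append(m.group(1))
    return names

def audit(path, max_name=MAX_NAME):
    """Return findings for loose write permissions and over-long worker names."""
    findings = []
    mode = os.stat(path).st_mode
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group/other: mode %o" % stat.S_IMODE(mode))
    with open(path, encoding="utf-8", errors="replace") as fh:
        for name in worker_names(fh.read()):
            if len(name) > max_name:
                findings.append("worker name of %d chars exceeds %d"
                                % (len(name), max_name))
    return findings

def demo():
    """Audit a constructed sample file under loose, then tight, permissions."""
    sample = ("worker.list=tomcat1\n"
              "worker.tomcat1.host=localhost\n"
              "worker.%s.port=8009\n" % ("A" * 200))  # constructed over-long name
    with tempfile.NamedTemporaryFile("w", suffix=".properties", delete=False) as fh:
        fh.write(sample)
    try:
        os.chmod(fh.name, 0o666)
        loose = audit(fh.name)
        os.chmod(fh.name, 0o640)
        tight = audit(fh.name)
    finally:
        os.unlink(fh.name)
    return loose, tight

if __name__ == "__main__":
    for result in demo():
        print(result)
```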