tomcat-users mailing list archives

From E B <hello1...@yahoo.co.uk>
Subject Re: AW: security issue: tomcat on port 80
Date Mon, 10 Dec 2001 07:48:58 GMT
Dr. Evil:
Have you tried asking your question on the Linux mailing lists? What
have those guys got to say about this restriction to bind to ports
< 1024 in present-day server systems?



 --- "Dr. Evil" <drevil@sidereal.kz> wrote:
> > The VM itself is typically written in C/C++, so I wouldn't beg on
> > more safety for a VM than Apache.
> 
> That's probably true.  However, the likelihood of someone being able
> to send a web request to Tomcat that will result in Tomcat triggering
> a buffer overflow in the VM seems ridiculously small.  It's not like
> the VM is executing arbitrary code from users, even though it is
> designed to be able to do that safely.
> 
> > And there are other potential risks running tomcat as root. (If you
> > make a configuration or implementation error that allows to store
> > JSP on the server, an intruder can do anything on your server)
> 
> Yeah, that could be a big problem.
> 
> > This was introduced to protect the ports that are used for the most
> > fundamental services from misuse by any user.
> 
> Which is plain old stupid, I must say.  It's not like Yahoo sells
> shell accounts on www.yahoo.com, right?  It dates from the good old
> days (now long gone) when root/sysadmins users basically trusted other
> root users, but didn't trust their own misbehaving shell account
> users.  This is totally irrelevant on today's Internet.  In the old
> days there had to be many users on one machine doing different things
> because machines were expensive.  Machines today are not shared.  They
> are owned and used by single entities, and for server machines (like
> www.yahoo.com) the only people with access to the machine are ones who
> already have root access.  Either you trust the machine and all of its
> sysadmins and users, or you don't.  How many companies still sell
> shell account service?  This OS limitation no longer has any security
> upside, and it has a huge downside, which is that the same process
> which runs CGIs or servlets also has (at some point) the power to edit
> /etc/passwd, and similar things which it should not have the
> capability of doing.
> 
> The ultimate solution for this is capabilities based security.  At a
> very fundamental level, I should be able to give a proc the capability
> to bind to a port without also giving it the capability to edit
> /etc/passwd or read arbitrary RAM.  The "uid 0 to bind < 1024"
> restriction just makes things worse.
> 
> I'm still waiting for TrustedBSD which will implement all this.
> Pretty much every exploit known in the Unix world has, as one of its
> steps, or as its end goal, getting root.  The solution to this is to
> not have root, obviously.
> 
> --
> To unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>

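An added example, not code from either poster or from the Tomcat project: the split asked for in the quoted message (permission to bind a low port without the power to edit /etc/passwd or read raw memory) can be audited on Linux by reading a process's effective capability mask from /proc/<pid>/status. Linux as the platform, the function names `audit_listener` and `holds`, and the three status excerpts are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability bit numbers as defined in Linux's <linux/capability.h>. */
#define CAP_DAC_OVERRIDE      1  /* bypass file permission checks */
#define CAP_NET_BIND_SERVICE 10  /* bind to ports below 1024 */
#define CAP_SYS_RAWIO        17  /* raw I/O, e.g. /dev/mem */
#define BIT(n) (1ULL << (n))
enum verdict { BAD_INPUT = -1, NO_LOW_PORT = 0, BIND_ONLY = 1, OVERPRIVILEGED = 2 };

/* Constructed samples shaped like /proc/<pid>/status excerpts. */
static const char ROOT_TOMCAT[] = "Name:\tjava\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n";
static const char CAP_TOMCAT[]  = "Name:\tjava\nUid:\t1001\t1001\t1001\t1001\nCapEff:\t0000000000000400\n";
static const char PLAIN_USER[]  = "Name:\tjava\nUid:\t1001\t1001\t1001\t1001\nCapEff:\t0000000000000000\n";

/* Read the effective capability mask from the "CapEff:" line; 0 on success. */
static int cap_eff(const char *status, unsigned long long *out)
{
    const char *p = strstr(status, "CapEff:");
    char *end;
    if (!p || (p != status && p[-1] != '\n')) return -1;  /* must start a line */
    *out = strtoull(p + 7, &end, 16);
    return end != p + 7 ? 0 : -1;
}

/* 1 if the process holds `cap`, 0 if not, -1 if CapEff is missing. */
int holds(const char *status, int cap)
{
    unsigned long long eff;
    if (cap_eff(status, &eff) != 0) return -1;
    return (eff & BIT(cap)) != 0;
}

/* BIND_ONLY means: may bind low ports and holds no other capability. */
enum verdict audit_listener(const char *status)
{
    unsigned long long eff;
    if (cap_eff(status, &eff) != 0) return BAD_INPUT;
    if (!(eff & BIT(CAP_NET_BIND_SERVICE))) return NO_LOW_PORT;
    return (eff & ~BIT(CAP_NET_BIND_SERVICE)) ? OVERPRIVILEGED : BIND_ONLY;
}

int main(void)
{
    printf("root=%d cap=%d plain=%d\n", audit_listener(ROOT_TOMCAT),
           audit_listener(CAP_TOMCAT), audit_listener(PLAIN_USER));
    return 0;
}
```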