tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From E B <>
Subject Re: AW: security issue: tomcat on port 80
Date Wed, 12 Dec 2001 06:13:01 GMT
> I asked once on the OpenBSD list.  Those guys are
> very much
> traditionalists so they did not like the idea. 
> Still, there is no
> longer any rational reason for this restriction.  I
> challenge anyone
> to point out a good reason for it.  Basically, it

I discussed this on a local LUG. It seems there are
plenty of local root exploits and even if u run the
servers as non-root, you can still gain access to
this non-root user and then use the local root 
exploits to get root. Now how do u beat this ?

> used to be the case
> that sysadmins didn't want ordinary users to be able
> to run sendmail
> on port 25.  This altruisticly protects other users
> on other machines
> from dealing with trojaned services (ie, trojan
> telnetd, etc).  This
> concern is ridiculous today, because how often do
> you telnet to some
> unknown server and enter a password?  Never,
> probably.

Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts

To unsubscribe:   <>
For additional commands: <>
Troubles with the list: <>

View raw message