tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From E B <hello1...@yahoo.co.uk>
Subject Re: AW: security issue: tomcat on port 80
Date Wed, 12 Dec 2001 06:13:01 GMT
> I asked once on the OpenBSD list.  Those guys are
> very much
> traditionalists so they did not like the idea. 
> Still, there is no
> longer any rational reason for this restriction.  I
> challenge anyone
> to point out a good reason for it.  Basically, it

I discussed this on a local LUG. It seems there are
plenty of local root exploits and even if u run the
servers as non-root, you can still gain access to
this non-root user and then use the local root 
exploits to get root. Now how do u beat this ?




> used to be the case
> that sysadmins didn't want ordinary users to be able
> to run sendmail
> on port 25.  This altruisticly protects other users
> on other machines
> from dealing with trojaned services (ie, trojan
> telnetd, etc).  This
> concern is ridiculous today, because how often do
> you telnet to some
> unknown server and enter a password?  Never,
> probably.
> 


__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message