tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Tomcat <tom...@mobile.mp>
Subject RE: Why run tomcat as root
Date Fri, 06 Dec 2002 23:12:48 GMT
On Thu, 2002-12-05 at 20:33, Noel J. Bergman wrote:
> Access to ports < 1024 and minimizing root services is a well-understood
> issue for anyone who ought to be using a *nix system, having nothing to do
> with any specific server application.

Restrictions on ports < 1024 and minimizing services running as root are
contradictory aspects of the Unix "security model".  The right thing to
do is for Linux to get rid of this dumb "security" feature, or at least
have an option to turn it off, so that a non-root process can bind
directly to port 80.  The most dangerous data (stuff straight off the
net) should be handled at the lowest possible priv level.  Right now,
Unix requires the most dangerous stuff to be handled at the highest
(most dangerous) priv level.  Not smart.  But there is nothing the
Tomcat crew can do about this mis-design.



--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message