tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter Crowther" <>
Subject RE: Servlet that needs ROOT access
Date Tue, 01 Aug 2006 13:20:46 GMT
> From: Paul McMahon [] 
> The servlet application needs to do things like mkfs, 
> vgcfgrestore, vgchange, 
> mount and umount.

I'd use setuid scripts with very careful permissions:

- Write some shell scripts, one per action, to do what you need;

- Audit those scripts for possible security holes;

- Put the Tomcat process into its own group (let's call it 'tomcat');

- chown root.tomcat <script>

- chmod 710 <script>

- chmod u+s <script>

- Call the scripts from the servlet.

At this point, your threats come from: someone breaking into your
servlet or installing a new servlet on the machine and running a script
as Tomcat (damage limited to whatever the script can do); someone su-ing
to tomcat (ditto); someone gaining the same group membership as Tomcat
(ditto); someone affecting filestore and being able to change
permissions (major damage); or holes in the scripts (damage potentially
unlimited).  There may be other threats I've not seen.

But I ain't a security expert :-).

		- Peter

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message