tomcat-users mailing list archives

From "Peter Crowther" <Peter.Crowt...@melandra.com>
Subject RE: Servlet that needs ROOT access
Date Tue, 01 Aug 2006 13:20:46 GMT
> From: Paul McMahon [mailto:pmcmahon@software.plasmon.com] 
> The servlet application needs to do things like mkfs, 
> vgcfgrestore, vgchange, 
> mount and umount.

I'd use setuid scripts with very careful permissions:

- Write some shell scripts, one per action, to do what you need;

- Audit those scripts for possible security holes;

- Put the Tomcat process into its own group (let's call it 'tomcat');

- chown root.tomcat <script>

- chmod 710 <script>

- chmod u+s <script>

- Call the scripts from the servlet.

At this point, your threats come from: someone breaking into your
servlet or installing a new servlet on the machine and running a script
as Tomcat (damage limited to whatever the script can do); someone su-ing
to tomcat (ditto); someone gaining the same group membership as Tomcat
(ditto); someone affecting filestore and being able to change
permissions (major damage); or holes in the scripts (damage potentially
unlimited).  There may be other threats I've not seen.

But I ain't a security expert :-).

		- Peter
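
The ownership and mode steps in the message above can be checked mechanically. The following is an added example, not part of the original post: it verifies that one helper script is root:tomcat with mode 4710 and that its parent directory cannot be written by anyone else. It assumes GNU `stat`; the function name `audit_setuid_helper` is hypothetical.

```shell
#!/bin/sh
# Added example: audit one helper script against the layout from the message
# (chown root.tomcat, chmod 710, chmod u+s => root:tomcat, mode 4710).
# Assumes GNU stat (-c). audit_setuid_helper is a hypothetical name; owner
# and group default to the message's 'root' and 'tomcat'.

audit_setuid_helper() {
    script=$1
    want_owner=${2:-root}
    want_group=${3:-tomcat}
    rc=0

    # Refuse symlinks and non-files: the mode checked must be the script's own.
    if [ -L "$script" ] || [ ! -f "$script" ]; then
        echo "FAIL $script: not a regular file" >&2
        return 2
    fi

    owner=$(stat -c %U -- "$script")
    group=$(stat -c %G -- "$script")
    mode=$(stat -c %a -- "$script")      # octal, includes the setuid digit
    dir=$(dirname -- "$script")
    dir_owner=$(stat -c %U -- "$dir")
    dir_mode=$(stat -c %a -- "$dir")

    [ "$owner" = "$want_owner" ] ||
        { echo "FAIL $script: owner $owner, want $want_owner" >&2; rc=1; }
    [ "$group" = "$want_group" ] ||
        { echo "FAIL $script: group $group, want $want_group" >&2; rc=1; }
    # Exactly 4710: setuid, rwx owner, execute-only group, nothing for others.
    [ "$mode" = "4710" ] ||
        { echo "FAIL $script: mode $mode, want 4710" >&2; rc=1; }

    # The "able to change permissions" threat: whoever can write the parent
    # directory can replace the script, so it must belong to the same owner
    # and must not be group- or world-writable.
    [ "$dir_owner" = "$want_owner" ] ||
        { echo "FAIL $dir: owner $dir_owner, want $want_owner" >&2; rc=1; }
    [ $(( 0$dir_mode & 022 )) -eq 0 ] ||
        { echo "FAIL $dir: mode $dir_mode is group/other writable" >&2; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK   $script"
    return "$rc"
}

# Run directly: ./audit.sh /path/to/script [owner] [group]
if [ "$#" -gt 0 ]; then audit_setuid_helper "$@"; fi
```

Only the immediate parent directory is checked; directories further up the path need the same treatment.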
