tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mikolaj Rydzewski <m...@ceti.pl>
Subject Re: Jailrootting
Date Fri, 18 Jun 2010 09:42:46 GMT
Luca Gervasi wrote:
> i can read my /etc/passwd from a malicious jsp. 
>
> Where can i find infos on limiting filesystem access / visibility ?
>   
Google for SecurityManager. Check conf/catalina.policy file within 
tomcat installation.

If you are really concerned about security and you have to run 
untrustred java code than you should run every webapp in chroot/jail 
within it's own JVM.


-- 
Mikolaj Rydzewski <miki@ceti.pl>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message