tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Jailrootting
Date Wed, 23 Jun 2010 21:25:53 GMT

Luca,

On 6/23/2010 3:18 AM, Luca Gervasi wrote:
> Hi guys, thanks for answering me.
> 
> Tomcat uses a low privilege user and the system-wide permissions are
> thus enforced by OS but... I can still read all the instance-wide files
> (tomcat-users.xml, server.xml and any other 644 file).
> 
> I'm starting to read about SecurityManager, but I think that this should
> be the answer I was looking for :)

If you don't trust your webapps, your options are as previously stated:
SecurityManager and/or chroot jail for Tomcat/JVM.

Using a chroot jail won't prevent hostile/untrustworthy webapps from
reading server.xml, etc., so the SecurityManager is really the way to go.

-chris
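
An added example, not part of the message above and not Tomcat code: a Python check over a policy file in Java policy syntax (the format of Tomcat's conf/catalina.policy) that reports grants which would hand webapp code read access to conf/ again once the SecurityManager is enabled. The sample policy and webapp names are constructed, and the parser is simplified (whole-line // comments only, grants with at most a codeBase clause, and only codeBase values containing /webapps/ are treated as webapp code).

```python
import re

# Constructed sample in Java policy syntax; the webapp names are hypothetical.
SAMPLE_POLICY = '''
// confined to its own scratch directory
grant codeBase "file:${catalina.base}/webapps/shop/-" {
    permission java.io.FilePermission "${catalina.base}/temp/shop/-", "read,write";
};
// re-opens conf/ (server.xml, tomcat-users.xml) to the webapp
grant codeBase "file:${catalina.base}/webapps/legacy/-" {
    permission java.io.FilePermission "${catalina.base}/conf/-", "read";
};
grant codeBase "file:${catalina.base}/webapps/reports/-" {
    permission java.security.AllPermission;
};
// no codeBase: applies to all code, webapps included
grant {
    permission java.io.FilePermission "<<ALL FILES>>", "read";
};
'''

GRANT = re.compile(r'grant(?:\s+codeBase\s+"([^"]+)")?\s*\{(.*?)\}\s*;', re.S)
PERM = re.compile(r'permission\s+([\w.]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')
CONF = re.compile(r'^(<<ALL FILES>>|/-|\$\{catalina\.(base|home)\}(/-|/conf(/.*)?))$')

def exposes_conf(cls, target, actions):
    """True if this permission lets code read files under Tomcat's conf/."""
    if cls == "java.security.AllPermission":
        return True
    if cls != "java.io.FilePermission":
        return False
    can_read = "read" in [a.strip() for a in actions.split(",")]
    return can_read and bool(CONF.match(target))

def grants_exposing_conf(policy_text):
    """Return (codeBase or '*', permission) pairs that reach conf/ from webapp code."""
    text = re.sub(r'(?m)^[ \t]*//.*$', '', policy_text)  # drop whole-line comments
    findings = []
    for code_base, body in GRANT.findall(text):
        if code_base and "/webapps/" not in code_base:
            continue  # grant is for Tomcat's own code, not a webapp
        for cls, target, actions in PERM.findall(body):
            if exposes_conf(cls, target, actions):
                findings.append((code_base or "*", f"{cls} {target}".strip()))
    return findings

if __name__ == "__main__":
    for where, perm in grants_exposing_conf(SAMPLE_POLICY):
        print(f"{where}: {perm}")
```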