tomcat-users mailing list archives

From Gregor Schneider <rc4...@googlemail.com>
Subject Re: Jailrootting
Date Tue, 22 Jun 2010 16:07:27 GMT
2010/6/18 Mikolaj Rydzewski <miki@ceti.pl>:
> Luca Gervasi wrote:
>>
>> I can read my /etc/passwd from a malicious JSP.
>> Where can I find info on limiting filesystem access / visibility?
>>
>

1st thing to do:

run Tomcat as user "tomcat" (or whatever username you like) with
limited rights - that should at least fix the possibility to cat
/etc/passwd

cheers

gregor
-- 
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available
@ http://pgpkeys.pca.dfn.de:11371
@ http://pgp.mit.edu:11371/
skype:rc46fi
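
A check to go with the advice above, as an added example that is not part of the original message: it reports whether an account that is neither the owner nor in the group of a file (such as a dedicated "tomcat" user) can still read it. The function names are hypothetical, and only the classic mode bits are evaluated.

```shell
#!/bin/sh
# Added example: which files stay readable for a dedicated service account?
# Decided from the classic mode bits only; ACLs, SELinux/AppArmor and
# symlink targets are not evaluated.

# mode_char PATH N -> prints the Nth character of the `ls -ld` mode string
# (1 = type, 2-4 = owner, 5-7 = group, 8-10 = other)
mode_char() {
    ls -ld -- "$1" | cut -c"$2"
}

# other_can_read FILE [BASE]
# Returns 0 if "other" has r on FILE and search permission on every
# directory between FILE and BASE (default /); BASE itself is not checked.
# Returns 1 if access is blocked, 2 if FILE does not exist.
other_can_read() {
    file=$1
    base=${2:-/}
    [ -e "$file" ] || return 2
    [ "$(mode_char "$file" 8)" = "r" ] || return 1
    dir=$(dirname -- "$file")
    while [ "$dir" != "$base" ] && [ "$dir" != "/" ] && [ "$dir" != "." ]; do
        case $(mode_char "$dir" 10) in
            x|t) ;;            # t = search bit plus sticky bit (e.g. /tmp)
            *) return 1 ;;     # a directory on the way blocks "other"
        esac
        dir=$(dirname -- "$dir")
    done
    return 0
}

# Report for every path given on the command line
for f in "$@"; do
    if other_can_read "$f"; then
        echo "readable by other:     $f"
    else
        echo "not readable by other: $f"
    fi
done
```

Run it with the paths a web application must not see; anything reported as readable needs a tighter mode or a control other than the service account.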
