tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: server.xml shutdown port command string
Date Thu, 18 Apr 2013 14:51:04 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Chuck,

On 4/17/13 11:34 PM, Caldarale, Charles R wrote:
>> From: Leo Donahue - RDSA IT [mailto:LeoDonahue@mail.maricopa.gov]
>>  Subject: RE: server.xml shutdown port command string
> 
>> If I am the only person deploying web apps (that I have
>> developed), should I still consider changing this command string
>> value to something more complex?
> 
> Only if untrusted users have access to the machine Tomcat is
> running on or misguided security policies dictate that you must.
> If you're in a paranoid environment, just disable the shutdown
> port.

If an attacker is on your box, you are pretty much toast already, so
changing the "shutdown password" doesn't really do much. It protects
against a non-privileged user connecting to a fairly well-known port
(default=8005) and issuing a fairly well-known command ("SHUTDOWN") to
take-down your server.

By default, Tomcat's server.xml is not readable by anyone other than
the user who unzipped the archive. It's not unusual to see that file
set to world-readable, though. In the case that the file is *not*
world-readable, changing the password can still keep an unprivieged
user from trivially taking-down your service. Obviously, if the file
is not protected in this way, the password is no protection at all.

If the attacker is logged-in as the Tomcat user, you can't stop them
from shutting-down Tomcat of course: they can just run
bin/shutdown.sh. If the shutdown port is completely disabled, they can
just run "kill [pid]". The same is true of any privileged user.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJRcAhXAAoJEBzwKT+lPKRYxaMQAJ4/GboHNGRNrpd4Mjaq3jzD
HgDxs2QqPh5QykSRHYjIOlnaF8Rb1mm+xqa81bkVEXnxlmy12hodPgx0c7xPK+qE
rZ6IVNlzwS5dBpH7hxj3XoKKi9kgaFVi9ULQI5e2+jeaxhtT0xjeftpkuGOxitT0
tlyRuWra6Dj/nM4Ow1T3GAHDWK/iIUafFmEtcJdxe3fhx0KcGvB5tJMgH52ledix
WgCZHSvGxKTBjypc61XlOWyMYftc4fDnqcwHna8n7I2nTzSmVY9nMoF915zoks3j
8SJJIYXMYJFtPy45GG9uXoY3VaiQpQB+4ML9p/a/2THeVdXYZY/YFneaoydIKjGR
iEaHgC1yGi92cwhEliB5pfWteAvS/DJwIO89+Ioz4a0GINaW9krnKr8bKfAAN6Le
k2ey4NeQNfuLAxwUkvjKc/CABTeehw4YFQYd3Yd18C3zISYeWXX0QCI1cIllND4s
RoV4zgbu2xhgAYYcy1d9abTfRBNstgdJOKmFfRH2IoUtXMq7Ptqb3WK4KiuOj43n
5j7x/EGMzRC9LzWE+EzeiFdQw2AMeZbVeFSLn9lq2upzPMti9K5IJybXbDC9/gHc
sPIgqm9W2cwg+5BAffYGzXdzlOcGmVp0aJVHtX0KHsKprFfE1laRWZ8REz2NRtZv
8ZQCp3VBXNNWhIzcqSu1
=HZUQ
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message