WebApp Sec mailing list archives
Re: Tomcat on port 80 or Java as root
From: Daniel <daniel () dev ugc-labs co uk>
Date: 12 Mar 2004 14:51:51 -0000
In-Reply-To: <4051C7A0.5080505 () nomensa com> typical, you click on post and then find the info you wanted :0) have a look at http://jakarta.apache.org/commons/daemon/ seems like there is a project already which allows the creation of the port on port 80 and then drops the privelages.
Received: (qmail 20742 invoked from network); 12 Mar 2004 14:33:01 -0000 Received: from outgoing3.securityfocus.com (205.206.231.27) by mail.securityfocus.com with SMTP; 12 Mar 2004 14:33:01 -0000 Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19]) by outgoing3.securityfocus.com (Postfix) with QMQP id 6B474A30A8; Fri, 12 Mar 2004 07:33:33 -0700 (MST) Mailing-List: contact webappsec-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <webappsec.list-id.securityfocus.com> List-Post: <mailto:webappsec () securityfocus com> List-Help: <mailto:webappsec-help () securityfocus com> List-Unsubscribe: <mailto:webappsec-unsubscribe () securityfocus com> List-Subscribe: <mailto:webappsec-subscribe () securityfocus com> Delivered-To: mailing list webappsec () securityfocus com Delivered-To: moderator for webappsec () securityfocus com Received: (qmail 4816 invoked from network); 12 Mar 2004 08:08:43 -0000 Message-ID: <4051C7A0.5080505 () nomensa com> Date: Fri, 12 Mar 2004 14:22:24 +0000 From: Marc Deglos <md () nomensa com> User-Agent: Mozilla Thunderbird 0.5 (Windows/20040207) X-Accept-Language: en-us, en MIME-Version: 1.0 To: webappsec () securityfocus com Subject: RE: Tomcat on port 80 or Java as root Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bitWhat are the implications of running tomcat as root(ie to run tomcaton port 80) The use of the word 'root' is misleading - IMO, this reference to 'root' does not correlate to the root user. The question seems to be: "What are the implications of allowing web traffic to connect directly to Tomcat, instead of through apache?" //Marc.
Current thread:
- Re: Tomcat on port 80 or Java as root, (continued)
- Re: Tomcat on port 80 or Java as root David Wall @ Yozons, Inc. (Mar 13)
- Re: Tomcat on port 80 or Java as root George Georgalis (Mar 13)
- RE: Tomcat on port 80 or Java as root urgoez (Mar 13)
- Re: Tomcat on port 80 or Java as root Daniel (Mar 12)
- RE: Tomcat on port 80 or Java as root Marc Deglos (Mar 12)
- Re: Tomcat on port 80 or Java as root Rajkumar S (Mar 13)
- Re: Tomcat on port 80 or Java as root Grega Bremec (Mar 14)
- RE: Tomcat on port 80 or Java as root Martin Gil (Mar 13)
- Re: Tomcat on port 80 or Java as root d31ik47 (Mar 13)
- Re: Tomcat on port 80 or Java as root Daniel (Mar 13)
- Re: Tomcat on port 80 or Java as root Daniel (Mar 13)