* Nikola Milutinovic [EMAIL PROTECTED] [1238 08:38]:
Just to clarify things a bit, before I ask for a new feature in Tomcat.
Most security conciencious servers on UNIX (like BIND 9) use this
sequence:
1. Bind to TCP ports
2. Load all dynamic modules, libraries (usually done by the
Craig R. McClanahan wrote:
Unix (and Linux) provide mechanisms to deal with this already, without
changing the root-only restriction for ports 1024.
* There's a system call to change your user id (this is what
Apache itself does to grab port 80 as root and then switch
itself to a
Exactly.
John
-Original Message-
From: Noel J. Bergman [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 06, 2002 2:17 AM
To: Tomcat Users List
Subject: RE: Why run tomcat as root
Personally, one of my goals is to go the other way and stick
tomcat into a
chroot jail, so
, December 06, 2002 6:13 PM
To: Tomcat Users List
Subject: RE: Why run tomcat as root
On Thu, 2002-12-05 at 20:33, Noel J. Bergman wrote:
Access to ports 1024 and minimizing root services is a
well-understood
issue for anyone who ought to be using a *nix system,
having nothing to do
: Why run tomcat as root
Can unix admin configure his OS to let normal app to run port
80? I say
this because Unix is very configurable. Why you have to do
so much coding
just to access port 80, why not just look at it a different way?
--
To unsubscribe, e
in the
kernel.
John
-Original Message-
From: Vy Ho [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 06, 2002 11:12 AM
To: Tomcat Users List
Subject: RE: Why run tomcat as root
Very good point, but what if the administrator him/herself grand this
access to this particular user? Linux
[mailto:[EMAIL PROTECTED]]
Sent: Friday, December 06, 2002 11:12 AM
To: Tomcat Users List
Subject: RE: Why run tomcat as root
Very good point, but what if the administrator him/herself grand this
access to this particular user? Linux and Unix is all about
flexibility
right
Ho [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 06, 2002 11:51 AM
To: Tomcat Users List
Subject: RE: Why run tomcat as root
Thank you for your comment. However, I think you gave a good
practical
work around for now, when the kernel is not there yet. But that also
means many
to change it for
you, or pay someone to change it for you.
John
-Original Message-
From: Vy Ho [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 06, 2002 11:51 AM
To: Tomcat Users List
Subject: RE: Why run tomcat as root
Thank you for your comment. However, I think you gave a good
to change it for you.
John
-Original Message-
From: Vy Ho [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 06, 2002 11:51 AM
To: Tomcat Users List
Subject: RE: Why run tomcat as root
Thank you for your comment. However, I think you gave a good
practical
work
a great weekend.
John
-Original Message-
From: Vy Ho [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 06, 2002 1:14 PM
To: Tomcat Users List
Subject: RE: Why run tomcat as root
Well, assume you're right, then I and many developers have to
live with
this fact then.
I would
I just think if there is something they can do that what they try to
protect would work, and the problem we face would be solved.
I know someone who works on SE Linux, and has published the root password
for anyone to log into his system and try to break it. In that
configuration, even root
Hi,
I you are using Linux and a distribution that groks rpms, just install
the packages provided by jpackage (http://jpackage.zarb.org/) or even
those on jakarta (same maintainer, might be a little bit less
up-to-date). You'll get an hassle-free tomcat-mod_jk-apache solution,
with regular
On Fri, 6 Dec 2002, Vy Ho wrote:
Date: Fri, 06 Dec 2002 13:13:36 -0500 (EST)
From: Vy Ho [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Subject: RE: Why run tomcat as root
Well, assume you're right, then I and many developers
t [EMAIL PROTECTED]
Subject: RE: Why run tomcat as root
Well, assume you're right, then I and many developers have to live with
this fact then.
I would like to make myself clear abit though. Whatever decision they
made over 40 years about limiting the access to port 0-1024, I dont
with respect to security what is the best way to run tomcat on linux? I am
running tomcat3.2.3 with apache1.3.26 and mod_jk
1. Run as root?
2. Run as nobody?
3.Run as other user (eg. tomcat)?
why is running tomcat as a certain user more secure than running it as
others?
If this is the appropriate
Run apache as one id (nobody?)
Run tomcat as another id (tomcat?)
Running as root ... dangerous.
Sanjaya Singharage wrote:
with respect to security what is the best way to run tomcat on linux? I am
running tomcat3.2.3 with apache1.3.26 and mod_jk
1. Run as root?
2. Run as nobody?
3.Run as other
Sanjaya Singharage [EMAIL PROTECTED]
05.12.2002 10:33
Please respond to Tomcat Users List
To: [EMAIL PROTECTED]
cc:
Subject:Why run tomcat as root
with respect to security what is the best way to run tomcat on linux? I am
running tomcat3.2.3
I don't think that you are right.
To run tomcat as root means you have less security than having
more security.
You have to be aware that you open a additional potential
security hole for the user that runs tomcat. (That is not
specific to tomcat, that is true for any application)
E.G
for
somebody use a servelets that give access to files on the system tomcat
is running on to read local files, provided this person knows the correct
path. If you run Tomcat as ROOT and you must if you want to use privileged
ports, you must be damn sure your firewall is properly configured
I have to run tomcat as
root. But I have not been able to figure out a way to downgrade the
privileges of the Tomcat process after it has accessed the privileged
resources. I have been told that Apache can donwgrade the privilege level
of processes after they have accessed privleged resources
times you've logged in as root before getting SSH
installed.
If you run Tomcat as root, you are risking a future exploit (or currently
unknown exploit) that will run as root. Bad idea, all around. Java's
security model alleviates this risk somewhat, but trusting that model 100%
is foolish, especially
of people expressing concer about this behavior of the
JVM of keeping processes running ar root and I fully understand why. The
problem is that if I want to access say Port 80 I have to run tomcat as
root. But I have not been able to figure out a way to downgrade the
privileges of the Tomcat
You don't. That's why there is so much effort and mailing list traffic
devoted to running Apache on port 80 and connecting to Tomcat using a
connector.
I don't run Tomcat as root, privileged port or not. Doing so on a publicly
accessible server would be foolish, regardless of Java's security
run tomcat as root
But I have not been able to figure out a way to downgrade the
privileges of the Tomcat process after it has accessed the privileged
resources. I have been told that Apache can donwgrade the
privilege level of processes after they have accessed privleged resources
the correct
path. If you run Tomcat as ROOT and you must if you want to use privileged
ports, you must be damn sure your firewall is properly configured and that
your servelets can not be abused this way. This behaviour seems to be a
strange peculiarity of Java. Apache for example simply accesses
)
-Original Message-
From: Kristján Rúnarsson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 05, 2002 2:17 PM
To: Tomcat Users List
Subject: RE: Why run tomcat as root
But I have not been able to figure out a way to downgrade the
privileges of the Tomcat process after it has accessed
the
difference.
That should be enough to keep you busy for awhile.
John
-Original Message-
From: Kristjan Rznarsson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 05, 2002 9:24 AM
To: Tomcat Users List
Subject: RE: Why run tomcat as root
First of did you read any but my
Subject: RE: Why run tomcat as root
But I have not been able to figure out a way to downgrade the
privileges of the Tomcat process after it has accessed the privileged
resources. I have been told that Apache can donwgrade the
privilege level of processes after they have accessed privleged
So in summary, if I read you right, you are saying that java processes can
not fork kids that run under another UID as the parent process?
If that is true, this whole situation sux ass and it should not be
possible to run Tomcat as ROOT at all which would force people to use a
port mapper
are not forced, either, to run Tomcat as root. You can run Tomcat as
any user you like. The restriction of non-root users being unable to bind
to privileged ports is a UNIX/Linux security restriction, not a Tomcat (or
JVM) security restriction. So, the ability to step down from root to a
non
connector.
You are not forced, either, to run Tomcat as root. You can run Tomcat as
any user you like. The restriction of non-root users being unable to bind
to privileged ports is a UNIX/Linux security restriction, not a Tomcat (or
JVM) security restriction. So, the ability to step down from root
under another UID as the parent process?
If that is true, this whole situation sux ass and it should not be
possible to run Tomcat as ROOT at all which would force people to use a
port mapper for privileged ports. Has this been changed in Tomcat versions
later than 4.0.x??
Mvh
KR
IMHO this is a case of the Tomcat team being restricted by the
deficiencies of Java, I apologize if I implied that they are incompetent I
did no mean to. The ability have a parent process fork child processes
that have restricted permissions is a pretty fundamental one. You say down
stepping
:[EMAIL PROTECTED]]
Sent: Thursday, December 05, 2002 10:55 AM
To: Tomcat Users List
Subject: RE: Why run tomcat as root
IMHO this is a case of the Tomcat team being restricted by the
deficiencies of Java, I apologize if I implied that they are
incompetent I
did no mean to. The ability have
-Original Message-
From: Turner, John [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 05, 2002 9:31 AM
To: 'Tomcat Users List'
Subject: RE: Why run tomcat as root
[...]
You can also use a web forwarding or URL cloaking service,
such as the one
at ZoneEdit.com. If you
-Original Message-
From: Kristján Rúnarsson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 05, 2002 9:44 AM
To: Tomcat Users List
Subject: RE: Why run tomcat as root
That is true enough but those sound like workarounds your option #2
suggests that Apache does not have
to Tomcat Users List
To: Tomcat Users List [EMAIL PROTECTED]
cc:
Subject:Re: Why run tomcat as root
The JVM doesn't fork at all.
The JVM (and therefore tomcat) is one process. The JVM is a virtual
machine with many threads under the same process. Because
Perhaps tomcat-dev would have your answers.
John
-Original Message-
From: Kristjan Rznarsson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 05, 2002 11:48 AM
To: Tomcat Users List
Subject: Re: Why run tomcat as root
I don't know of a class in java (and its appropriate
Tomcat is just a java class. (really a set of classes) It is like any
other java application.
If tomcat downgrades itself - all open sockets should be allowed to be
continued to be used by it. Weblogic does this (in my observation of
using it).
Apache runs the way you describe below. (from my
as the
proxy (iptables)
-Original Message-
From: Price, Erik [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 05, 2002 5:19 PM
To: Kristján Rúnarsson; Tomcat Users List
Subject: RE: Why run tomcat as root
Could not a solution be implemented like the Apache one,
where the work
On Thursday 05 December 2002 14:24, Tim Funk wrote:
With tomcat - the there is only one process, the JVM. It is possible to
bind to port 80 as root to listen on the port, then switch the entire
process to another (less priviledged) user id. To do this - you need
class which can call the native
On Thursday 05 December 2002 15:25, maninder s batth wrote:
running apache just for port mapping would be an overkill. does any one
foresee a potential problem
with port-mapper solution ?
Yep, a big problem. All traffic is from the port-mapper server, as far as
Tomcat knows.
I tried this and
On Thursday 05 December 2002 15:23, Kristján Rúnarsson wrote:
This leaves me with the option of running apache as a normal user and
setting up some sort of a redirect service that runs as root which is a
pretty unelegant solution compared to a tomcat that suid's it self down
after accessing
Can unix admin configure his OS to let normal app to run port 80? I say
this because Unix is very configurable. Why you have to do so much coding
just to access port 80, why not just look at it a different way?
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands,
there
for good reason.
John
-Original Message-
From: Vy Ho [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 05, 2002 3:48 PM
To: Tomcat Users List
Subject: RE: Why run tomcat as root
Can unix admin configure his OS to let normal app to run port
80? I say
this because Unix
IMHO this is a case of the Tomcat team being restricted by the
deficiencies of Java
Tomcat and Java work just fine. There are plenty of ways to NOT run it as
root. Ralph and Cees gave you at least three, one of which you could do
trvially within 30 seconds.
When started my tomcat server and
On Thu, 2002-12-05 at 20:33, Noel J. Bergman wrote:
Access to ports 1024 and minimizing root services is a well-understood
issue for anyone who ought to be using a *nix system, having nothing to do
with any specific server application.
Restrictions on ports 1024 and minimizing services
Restrictions on ports 1024 and minimizing services running as root are
contradictory aspects of the Unix security model.
You want to minimize the trusted code base, and you want to assure that
public services ( 1024) cannot be spoofed. You might want the port owner
to make sure that the
Currently we are running Tomcat as root on a linux machine , are there any
know security risks by doing so? SHould i rather run tomcat as another,
restricted user ?
--
Nils O. Selåsdal
At 03:04 PM 7/20/2001, you wrote:
Currently we are running Tomcat as root on a linux machine , are there any
know security risks by doing so? SHould i rather run tomcat as another,
restricted user ?
If you want to run tomcat on a port below 1024 you
have no choice.
I'm not sure about any specific risks, but I wouldn't run _anything_ as
root on any unix based system. Tomcat doesn't need to bind to ports under
1024 which is the only reason I can think that you would want to run as
root.
cheers
dim
On Fri, 20 Jul 2001, Nils O. [iso-8859-1] Selåsdal wrote:
52 matches
Mail list logo