* Nikola Milutinovic <[EMAIL PROTECTED]> [1238 08:38]:
> Just to clarify things a bit, before I ask for a new feature in Tomcat.
> Most "security conscientious" servers on UNIX (like BIND 9) use this
> sequence:
>
> 1. Bind to TCP ports
> 2. Load all dynamic modules, libraries (usually done by the loader)
> 3. chroot()
> 4. setuid()

Yes, this looks like a UNIX-specific thing, but what does this gain you? All it protects you from is file access; an unprivileged user does the same without the hassle of chrooting a JVM. The network is still vulnerable to abuse.

(following is a general comment and not directed at Nikola personally)

Just run Tomcat as a normal user and port-forward. Read Proxy Support HOWTO and treat the forwarded port as a proxy server. Job done. Get on with your life.

This discussion has gone on for over a week now. I seem to remember there are one or two other lists for Linux system administration on the Net so can we please pack this thread in? :)

(PS: If you insist on normal users binding to port 80, google for 'privileges' and read some white papers. The BSDs have done a lot of work in this area.)

-- 
Rasputin :: Jack of All Trades - Master of Nuns
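
The sequence quoted in the message above (bind, load, chroot(), setuid()) written out in C, as an added example that is not part of the original thread and is not code from Tomcat or BIND. The jail path `/var/empty`, uid/gid 65534 and the function names are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE /* glibc: expose chroot() and setgroups() */
#include <grp.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Step 1: bind while still privileged; returns the listening fd or -1. */
int bind_listener(unsigned short port) {
    struct sockaddr_in addr;
    int one = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Steps 3 and 4: confine, then drop root for good.
 * Returns 0 on success, or a negative code naming the step that failed. */
int confine_and_drop(const char *jail, uid_t uid, gid_t gid) {
    if (uid == 0 || gid == 0) return -1;     /* refuse to "drop" to root */
    if (chroot(jail) != 0) return -2;        /* needs root, so it comes before setuid */
    if (chdir("/") != 0) return -3;          /* cwd must not stay outside the jail */
    if (setgroups(1, &gid) != 0) return -4;  /* clear supplementary groups */
    if (setgid(gid) != 0) return -5;         /* group before user: needs root too */
    if (setuid(uid) != 0) return -6;         /* sets real, effective and saved uid */
    if (setuid(0) == 0) return -7;           /* the drop must be irreversible */
    if (getuid() != uid || geteuid() != uid) return -7;
    return 0;
}

/* Constructed values: port 80, jail /var/empty, uid/gid 65534 ("nobody"). */
int main(void) {
    int fd = bind_listener(80);              /* step 1 */
    /* step 2: load libraries and modules here, before the jail hides them */
    if (fd < 0 || confine_and_drop("/var/empty", 65534, 65534) != 0) return 1;
    /* ... accept() loop runs here, jailed and unprivileged ... */
    close(fd);
    return 0;
}
```

Every return value is checked because a silently failed `setuid()` leaves the server running as root inside a jail that root can leave.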