> From: Paul McMahon [mailto:[EMAIL PROTECTED] 
> The servlet application needs to do things like mkfs, vgcfgrestore,
> vgchange, mount and umount.

I'd use setuid scripts with very careful permissions:

- Write some shell scripts, one per action, to do what you need;

- Audit those scripts for possible security holes;

- Put the Tomcat process into its own group (let's call it 'tomcat');

- chown root.tomcat <script>

- chmod 710 <script>

- chmod u+s <script>

- Call the scripts from the servlet.

At this point, your threats come from: someone breaking into your
servlet or installing a new servlet on the machine and running a script
as Tomcat (damage limited to whatever the script can do); someone su-ing
to tomcat (ditto); someone gaining the same group membership as Tomcat
(ditto); someone affecting filestore and being able to change
permissions (major damage); or holes in the scripts (damage potentially
unlimited).  There may be other threats I've not seen.

But I ain't a security expert :-).

                - Peter
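
An audit check for the permission recipe in the reply above, as an added example that is not part of the original message: it verifies that a helper is owned by root, grouped to tomcat and mode 4710, and that its directory cannot be written by group or other (the "change permissions" threat). The function name `audit_helper` and the path in the usage comment are assumptions; the check also prints a note for `#!` files, because the Linux kernel ignores the setuid bit on interpreter scripts.

```shell
#!/bin/sh
# Added example, not from the original message.
# Usage: audit_helper /usr/local/sbin/do_mount [owner] [group]   (hypothetical path)
audit_helper() {
    path=$1 want_owner=${2:-root} want_group=${3:-tomcat} findings=0
    flag() { echo "FINDING: $path: $1"; findings=$((findings + 1)); }

    # A symlink could be repointed; a missing file means nothing to audit.
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        flag "missing, a symlink, or not a regular file"
        return 1
    fi

    # ls -ld fields: 1 = mode string, 3 = owner, 4 = group
    set -- $(LC_ALL=C ls -ld -- "$path")
    mode=$1 owner=$3 group=$4

    # chmod 710 followed by chmod u+s gives 4710, which ls shows as -rws--x---
    case $mode in
        -rws--x---*) ;;
        *) flag "mode is $mode, expected -rws--x--- (4710)" ;;
    esac
    [ "$owner" = "$want_owner" ] || flag "owner is $owner, expected $want_owner"
    [ "$group" = "$want_group" ] || flag "group is $group, expected $want_group"

    # A directory writable by group or other lets a non-root user replace the helper.
    set -- $(LC_ALL=C ls -ld -- "$(dirname -- "$path")")
    case $1 in
        ?????w*|????????w*) flag "parent directory is group/other-writable ($1)" ;;
    esac

    # Informational only: Linux does not honour setuid on "#!" interpreter scripts.
    if [ "$(head -c 2 -- "$path" 2>/dev/null)" = '#!' ]; then
        echo "NOTE: $path: '#!' script; the Linux kernel ignores its setuid bit"
    fi

    # Exit status 0 only when no finding was recorded.
    [ "$findings" -eq 0 ]
}
```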
