> From: Tim Funk [mailto:[EMAIL PROTECTED] > If you have an evil admin, there is nothing stopping the him from > sniffing the network, or starting tomcat with a debugger > which can look > at the memory or {insert evil action here} ;)
Sure. Or do the old trick we used to do with Suns - L1-A out of the kernel, then poke through the data structures in memory with the built-in ROM debugger (thanks Sun). Any (non-quantum?) system can be compromised with enough effort. The aim is merely to make the hack sufficiently difficult that most corrupt admins would reckon there are easier (and/or more profitable) hacks elsewhere. Or, put another way, "when outrunning a dragon, you don't have to run faster than the dragon. You just have to run faster than the dwarf." - Peter --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]