On 14/10/2011 16:31, Mark Thomas wrote:
> On 14/10/2011 16:15, Mark H. Wood wrote:
>> This I can agree with. They don't allow application managers
>> access to Tomcat's config., but anyone can drop stuff into
>> /etc/init.d, whence it will run as root? Really? Something is not
>> right here.

+1 These support guys need firing...

> Is it just me, or is the simple privilege escalation attack that this
> makes possible the quickest way to solve this? :) Granted, it isn't
> the best way to solve it but boy would I be tempted in your shoes.

Yes, quite.

p