Alright guys, thanks for your help.
Pid * wrote: > > On 14/10/2011 16:31, Mark Thomas wrote: >> On 14/10/2011 16:15, Mark H. Wood wrote: >>> This I can agree with. They don't allow application managers >>> access to Tomcat's config., but anyone can drop stuff into >>> /etc/init.d, whence it will run as root? Really? Something is not >>> right here. > > +1 These support guys need firing... > >> Is it just me, or is the simple privilege escalation attack that this >> makes possible the quickest way to solve this? :) Granted, it isn't >> the best way to solve it but boy would I be tempted in your shoes. > > Yes, quite. > > > p > > > > -- View this message in context: http://old.nabble.com/Configure-tomcat-using-init.d-tp32650998p32665384.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
