Mark,

On 10/14/2011 11:15 AM, Mark H. Wood wrote:
> On Fri, Oct 14, 2011 at 07:33:28AM -0700, Hassan Schroeder wrote:
>> On Fri, Oct 14, 2011 at 1:52 AM, ettoregia <ettore...@gmail.com>
>> wrote:
>>> My system: Linux, the version I don't know how to realize,
>>> since I've got just an ssh connection and typing some command
>>> I've not been able to discover it, maybe you can help me out
>>> on this as well.
>>
>> `cat /proc/version` should give you something useful.
>
> 'uname -a' is another possibility.

I'm running Debian Squeeze:

$ uname -a
Linux dev 2.6.32-5-openvz-amd64 #1 SMP Wed May 18 23:53:57 UTC 2011 i686 GNU/Linux

No mention of Debian.

$ cat /proc/version
Linux version 2.6.32-5-openvz-amd64 (Debian 2.6.32-34squeeze1) (da...@debian.org) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Wed May 18 23:53:57 UTC 2011

Ooh, Debian everywhere. Looks like Hassan's suggestion is better. I
usually do:

$ cat /etc/issue
Debian GNU/Linux 6.0 \n \l

I didn't know there was a /proc/version. Maybe I'll start using that,
as it has more information.

> This I can agree with. They don't allow application managers
> access to Tomcat's config., but anyone can drop stuff into
> /etc/init.d, whence it will run as root? Really? Something is
> not right here.

Technically, things in /etc/init.d don't run as root just because they
are there. Most rc.d-based systems use /etc/rc[runlevel].d/* as
startup scripts, and those are symlinked to /etc/init.d. Putting a
file into /etc/init.d isn't a direct exploit, but it's pretty close.

> That init script would need to start Yet Another Tomcat Instance.
> Is that what IT wants? That has implications for memory demand,
> port and address space, and linking among app.s. Maybe the IT guy
> understands how Tomcat works, but I think I would explore the
> possibility that he doesn't.

+1

-chris
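
The distinction drawn in the message above, between a file that merely sits in /etc/init.d and one that is started through an /etc/rc[runlevel].d link, written as an audit check. This is an added example, not code from the thread; the function names (audit_initd, enabled_scripts, loose) and the output labels are assumptions made here, and it assumes a SysV rc.d layout with S-prefixed start links.

```sh
#!/bin/sh
# Added example, not from the thread. Names and output labels are assumptions.
# audit_initd ROOT prints one finding per line; ROOT defaults to / and may
# point at a constructed test tree instead of the live system.

# True if the path is writable by group or by other.
loose() { [ -n "$(find -L "$1" -prune \( -perm -020 -o -perm -002 \))" ]; }

# Names of init.d scripts that some rc<runlevel>.d start link (S*) points to.
enabled_scripts() {
    for link in "$1"/etc/rc?.d/S*; do
        [ -L "$link" ] || continue
        basename "$(readlink "$link")"
    done | sort -u
}

audit_initd() {
    root=${1:-/}
    root=${root%/}
    initd=$root/etc/init.d
    # A loosely writable directory is the "anyone can drop stuff in" case.
    if loose "$initd"; then echo "DIR-WRITABLE $initd"; fi
    enabled=$(enabled_scripts "$root")
    for script in "$initd"/*; do
        [ -f "$script" ] || continue
        name=$(basename "$script")
        if printf '%s\n' "$enabled" | grep -qxF "$name"; then
            state=ENABLED       # started at boot through its rc link
        else
            state=NOT-LINKED    # present, but no runlevel starts it
        fi
        if loose "$script"; then
            echo "$state-WRITABLE $name"
        else
            echo "$state $name"
        fi
    done
}
```

An ENABLED-WRITABLE or DIR-WRITABLE line is the finding to act on first: the boot sequence will execute content that an account other than the owner can change or replace.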