Thank you - we figured it out.

On Mon, Oct 17, 2011 at 2:26 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Mark,
>
> On 10/14/2011 11:15 AM, Mark H. Wood wrote:
> > On Fri, Oct 14, 2011 at 07:33:28AM -0700, Hassan Schroeder wrote:
> >> On Fri, Oct 14, 2011 at 1:52 AM, ettoregia <ettore...@gmail.com>
> >> wrote:
> >>> My system: Linux, the version I don't know how to realize,
> >>> since I've got just an ssh connection and typing some command
> >>> I've not been able to discover it, maybe you can help me out
> >>> on this as well.
> >>
> >> `cat /proc/version` should give you something useful.
> >
> > 'uname -a' is another possibility.
>
> I'm running Debian Squeeze:
>
> $ uname -a
> Linux dev 2.6.32-5-openvz-amd64 #1 SMP Wed May 18 23:53:57 UTC 2011
> i686 GNU/Linux
>
> No mention of Debian.
>
> $ cat /proc/version
> Linux version 2.6.32-5-openvz-amd64 (Debian 2.6.32-34squeeze1)
> (da...@debian.org) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Wed
> May 18 23:53:57 UTC 2011
>
> Ooh, Debian everywhere.
>
> Looks like Hassan's suggestion is better.
>
> I usually do:
>
> $ cat /etc/issue
> Debian GNU/Linux 6.0 \n \l
>
> I didn't know there was a /proc/version. Maybe I'll start using that,
> as it has more information.
>
> > This I can agree with.  They don't allow application managers
> > access to Tomcat's config., but anyone can drop stuff into
> > /etc/init.d, whence it will run as root?  Really?  Something is
> > not right here.
>
> Technically, things in /etc/init.d don't run as root just because they
> are there. Most rc.d-based systems use /etc/rc[runlevel].d/* as
> startup scripts, and those are symlinked to /etc/init.d. Putting a
> file into /etc/init.d isn't a direct exploit, but it's pretty close.
>
> > That init script would need to start Yet Another Tomcat Instance.
> > Is that what IT wants?  That has implications for memory demand,
> > port and address space, and linking among app.s.  Maybe the IT guy
> > understands how Tomcat works, but I think I would explore the
> > possibility that he doesn't.
>
> +1
>
> -chris
>
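The point made above about /etc/init.d and the /etc/rc[runlevel].d symlinks can be checked on a host with a small audit. This is an added example, not code from the thread or from Tomcat; the function names audit_initd and links_to are hypothetical, and it assumes a SysV rc.d layout and a readlink that supports -f.

```shell
#!/bin/sh
# Added example: audit SysV init scripts under ROOT (default: the live system).
# Reports every group- or world-writable script in /etc/init.d and whether an
# rc<runlevel>.d symlink points at it, i.e. whether init would run it at boot.

# Print the runlevel links (e.g. rc2.d/S20foo) under root $1 that resolve to script $2.
links_to() {
    target=$(readlink -f "$2")
    for link in "$1"/etc/rc*.d/[SK]*; do
        [ -L "$link" ] || continue
        if [ "$(readlink -f "$link")" = "$target" ]; then
            printf '%s ' "${link#"$1"/etc/}"
        fi
    done
}

audit_initd() {
    root=${1:-}
    dir="$root/etc/init.d"
    # A writable directory lets that user class add or replace scripts.
    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "DIR-WRITABLE ${dir#"$root"}"
    fi
    # Writable scripts: worst case is one that a runlevel link already starts.
    find "$dir" -type f \( -perm -020 -o -perm -002 \) | sort |
    while IFS= read -r script; do
        links=$(links_to "$root" "$script")
        if [ -n "$links" ]; then
            echo "WRITABLE+ENABLED ${script#"$root"} via ${links% }"
        else
            echo "WRITABLE+NOT-LINKED ${script#"$root"}"
        fi
    done
}
```

Run as audit_initd with no argument to inspect the live system, or pass a mounted image's root directory as the first argument.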
