WebApp Sec mailing list archives
Re: Tomcat on port 80 or Java as root
From: Daniel <daniel () dev ugc-labs co uk>
Date: 12 Mar 2004 11:20:51 -0000
In-Reply-To: <405088F0.9020906 () myrealbox com> I'd personally not run the risk of running anything as r00t. the java may be secure but what about the application? are there any insecure cgi scripts or other plugins that could be exploited. Why do you need to run it as root?
Received: (qmail 25081 invoked from network); 11 Mar 2004 15:56:34 -0000 Received: from outgoing3.securityfocus.com (205.206.231.27) by mail.securityfocus.com with SMTP; 11 Mar 2004 15:56:34 -0000 Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19]) by outgoing3.securityfocus.com (Postfix) with QMQP id 7539FA3B0E; Thu, 11 Mar 2004 08:54:57 -0700 (MST) Mailing-List: contact webappsec-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <webappsec.list-id.securityfocus.com> List-Post: <mailto:webappsec () securityfocus com> List-Help: <mailto:webappsec-help () securityfocus com> List-Unsubscribe: <mailto:webappsec-unsubscribe () securityfocus com> List-Subscribe: <mailto:webappsec-subscribe () securityfocus com> Delivered-To: mailing list webappsec () securityfocus com Delivered-To: moderator for webappsec () securityfocus com Received: (qmail 21322 invoked from network); 11 Mar 2004 09:28:47 -0000 Message-ID: <405088F0.9020906 () myrealbox com> Date: Thu, 11 Mar 2004 21:12:40 +0530 From: Rajkumar S <listuser () myrealbox com> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4 X-Accept-Language: en-us, en MIME-Version: 1.0 To: webappsec () securityfocus com Subject: Tomcat on port 80 or Java as root Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Hi, What are the implications of running tomcat as root(ie to run tomcat on port 80) Is java secure enough to run as root, or should I run some thing like apache in front ? How about having Tux as a front end? Is it advisable from a security point of view? with warm regards, raj
Current thread:
- Tomcat on port 80 or Java as root Rajkumar S (Mar 11)
- RE: Tomcat on port 80 or Java as root Harshul Nayak (Mar 12)
- Re: Tomcat on port 80 or Java as root Rajkumar S (Mar 13)
- Re: Tomcat on port 80 or Java as root Aleksi Kallio (Mar 13)
- Re: Tomcat on port 80 or Java as root Dave Ockwell-Jenner (Mar 13)
- Re: Tomcat on port 80 or Java as root David Wall @ Yozons, Inc. (Mar 13)
- Re: Tomcat on port 80 or Java as root George Georgalis (Mar 13)
- RE: Tomcat on port 80 or Java as root urgoez (Mar 13)
- <Possible follow-ups>
- Re: Tomcat on port 80 or Java as root Daniel (Mar 12)
- RE: Tomcat on port 80 or Java as root Marc Deglos (Mar 12)
- Re: Tomcat on port 80 or Java as root Rajkumar S (Mar 13)
- Re: Tomcat on port 80 or Java as root Grega Bremec (Mar 14)
- RE: Tomcat on port 80 or Java as root Martin Gil (Mar 13)
- Re: Tomcat on port 80 or Java as root d31ik47 (Mar 13)
- Re: Tomcat on port 80 or Java as root Daniel (Mar 13)
- Re: Tomcat on port 80 or Java as root Daniel (Mar 13)
- RE: Tomcat on port 80 or Java as root Harshul Nayak (Mar 12)