WebApp Sec mailing list archives

Re: Tomcat on port 80 or Java as root


From: Daniel <daniel () dev ugc-labs co uk>
Date: 12 Mar 2004 11:20:51 -0000

In-Reply-To: <405088F0.9020906 () myrealbox com>

I'd personally not run the risk of running anything as r00t.

The Java may be secure, but what about the application? Are there any insecure CGI scripts or other plugins that could be exploited?

Why do you need to run it as root?


Message-ID: <405088F0.9020906 () myrealbox com>
Date: Thu, 11 Mar 2004 21:12:40 +0530
From: Rajkumar S <listuser () myrealbox com>
To: webappsec () securityfocus com
Subject: Tomcat on port 80 or Java as root

Hi,

What are the implications of running Tomcat as root (i.e. to run Tomcat on 
port 80)? Is Java secure enough to run as root, or should I run something 
like Apache in front?

How about having Tux as a front end? Is it advisable from a security 
point of view?

with warm regards,

raj
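One way to serve port 80 without running Tomcat as root, as the question asks and as Daniel's reply points toward: an Apache httpd front end owns the privileged port and reverse-proxies to Tomcat, which runs as an unprivileged user on a high port bound to loopback. This is an added example, not configuration from the thread; the hostname, account name, module paths and Tomcat port are assumptions.

```apache
# Added example (not from the thread): Apache httpd 2.4 as the privileged
# front end on port 80, forwarding to Tomcat on 127.0.0.1:8080.
# Hostname, account name and module paths are assumptions.
LoadModule proxy_module      modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

# httpd binds :80 as root at startup, then its worker processes
# drop to this unprivileged account.
User  apache
Group apache
Listen 80

<VirtualHost *:80>
    ServerName www.example.com

    # Never act as an open forward proxy; only reverse-proxy what is listed.
    ProxyRequests Off
    ProxyPreserveHost On

    # Tomcat's HTTP Connector should carry address="127.0.0.1" in
    # server.xml so it is reachable only through this front end.
    ProxyPass        "/" "http://127.0.0.1:8080/"
    ProxyPassReverse "/" "http://127.0.0.1:8080/"

    # Keep Tomcat's manager application off the public interface.
    <Location "/manager">
        Require ip 127.0.0.1
    </Location>
</VirtualHost>
```

Tomcat itself is then started as its own unprivileged user (for example with `su tomcat -c bin/startup.sh`), so a flaw in a web application exposes only that account, not root.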


