Date: Tue, 27 May 2003 01:08:06 +1000 From: Joshua Goodall <joshua@roughtrade.net> To: Roberto Nunnari <nunnari@die.supsi.ch> Cc: freebsd-java@freebsd.org Subject: Re: tomcat on port 80 as user www:ww Message-ID: <20030526150806.GA538@roughtrade.net> In-Reply-To: <3ED20627.6090308@die.supsi.ch> References: <3ED20627.6090308@die.supsi.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, May 26, 2003 at 02:18:47PM +0200, Roberto Nunnari wrote:
> What about running jakarta-tomcat4.1 as user www:www on port 80?
> I don't need apache, so I run tomcat on port 80, but I can only
> run it as root...
>
> Any known security issues with running jakarta-tomcat4.1 as user root?
Let me rephrase that for you.
"Any known security issues with running {APPLICATION} as user root?"
The answer is always yes. Anyone telling you otherwise is not fit
to manage a server. Well-written daemons that listen on privileged
ports change their uid as soon as possible.
Instead, I recommend investigating the possibilities of natd & divert
sockets.
Regards,
Joshua.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030526150806.GA538>