Date: Tue, 27 May 2003 01:08:06 +1000 From: Joshua Goodall <joshua@roughtrade.net> To: Roberto Nunnari <nunnari@die.supsi.ch> Cc: freebsd-java@freebsd.org Subject: Re: tomcat on port 80 as user www:ww Message-ID: <20030526150806.GA538@roughtrade.net> In-Reply-To: <3ED20627.6090308@die.supsi.ch> References: <3ED20627.6090308@die.supsi.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, May 26, 2003 at 02:18:47PM +0200, Roberto Nunnari wrote: > What about running jakarta-tomcat4.1 as user www:www on port 80? > I don't need apache, so I run tomcat on port 80, but I can only > run it as root... > > Any known security issues with running jakarta-tomcat4.1 as user root? Let me rephrase that for you. "Any known security issues with running {APPLICATION} as user root?" The answer is always yes. Anyone telling you otherwise is not fit to manage a server. Well-written daemons that listen on privileged ports change their uid as soon as possible. Instead, I recommend investigating the possibilities of natd & divert sockets. Regards, Joshua.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030526150806.GA538>