Questions on recent CVE fixes

2018-03-13 Thread Harish Krishnan
Hi All, Thanks for all the help and work you great people do. My question is regarding CVE-2018-1305 and CVE-2018-1304 that were fixed in the latest builds. We use Tomcat 7

Re: Instances of org.apache.coyote.RequestInfo accumulate in RequestGroupInfo.processors and eventually result in OOME

2018-03-13 Thread Industrious
Hello, Mark, Thanks for your attention. Could you take a look at the class histogram from today's OOME heap dump? Maybe it could provide some details. I see a spike in CPU usage at the approximate time the dump was generated but that might be caused by the garbage collector's futile attempt to fr

RE: Binding a non root user to port 443

2018-03-13 Thread Cheltenham, Chris
Hasan, the answer is, I don't really know why they hesitated on that request. Can do it myself, I have root, I was just being cooperative. === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571

RE: Binding a non root user to port 443

2018-03-13 Thread Cheltenham, Chris
Pushing back means they were stuttering about reconfiguring the local firewalld zone that they created. I am trying to figure out a different way but I just don’t know Java that well. If they box me in a corner, I will figure it out however. === Thank You; Chris Chel

Re: Binding a non root user to port 443

2018-03-13 Thread Hassan Schroeder
On Tue, Mar 13, 2018 at 11:18 AM, Cheltenham, Chris wrote: > I may lobby for iptables but the admins are pushing back. "pushing back" because of laziness or actual reasons? -- Hassan Schroeder hassan.schroe...@gmail.com twitter: @hassan Consulting Availability : Silico

Re: [E] Binding a non root user to port 443

2018-03-13 Thread Bauer, Margaret M (Peggy)
Change your 443 port to something above 443. like 1443 or 8443. Root owns ports below 1024. Root owner will have to stop/start. and processes using ports under 1024. Only root user can use. Peggy On Tue, Mar 13, 2018 at 1:26 PM, Cheltenham, Chris < ccheltenham-...@philasd.org> wrote: > Hello

Re: Binding a non root user to port 443

2018-03-13 Thread Coty Sutherland
This looks like a continuation of this thread from 11 days ago: https://www.mail-archive.com/users@tomcat.apache.org/msg128541.html On Tue, Mar 13, 2018 at 2:16 PM, Cheltenham, Chris wrote: > Chris, > > I see JSVC will allow a non root user to bind to 443 > Somehow I have to get these libraries i

RE: Binding a non root user to port 443

2018-03-13 Thread Cheltenham, Chris
Chris, Do you believe this is the best way to redirect the ports or is it better all around for the OS to handle that. I.E. iptables I may lobby for iptables but the admins are pushing back. === Thank You; Chris Cheltenham Technology Services The School District of P

RE: Binding a non root user to port 443

2018-03-13 Thread Cheltenham, Chris
Chris, I see JSVC will allow a non root user to bind to 443 Somehow I have to get these libraries into TOMCAT? Correct? === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -Original Mess

RE: Binding a non root user to port 443

2018-03-13 Thread Cheltenham, Chris
Thanks Chris, I don’t know what that is, JSVC. I will look into it. === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -Original Message- From: Christopher Schultz [mailto:ch...@ch

Re: Binding a non root user to port 443

2018-03-13 Thread Christopher Schultz
Chris, On 3/13/18 1:26 PM, Cheltenham, Chris wrote: > Is there a way to redirect ports 80 and 443 to 8443. > > I have a non root user but I cannot use CentOS firewalld nor > iptables. How about authbind? > I have tried these things. > > redirec

Binding a non root user to port 443

2018-03-13 Thread Cheltenham, Chris
Hello Everyone, Is there a way to redirect ports 80 and 443 to 8443. I have a non root user but I cannot use CentOS firewalld nor iptables. I have tried these things. But it still fails. === Thank You; Chris Cheltenham Technology Services The School Di