http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11584

Configuration files owned by tomcat3 not root

           Product: Tomcat 3
           Version: 3.3 Final
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Major
          Priority: Other
         Component: Unknown
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]

tomcat 3.3.1 when installed from rpm runs as user tomcat3 and has its configuration files rewritable by this user.

[root@hovercraft pete]# ls -l /etc/tomcat3/conf/tomcat3.conf
-rw-r--r-- 1 tomcat3 tomcat3 866 Apr 30 16:28 /etc/tomcat3/conf/tomcat3.conf

However, this file allows you to specify the user tomcat runs as - i.e. the tomcat3 user can rewrite his user directive to be root and then wait for a restart allowing him to escalate his user level to root.

I think the configuration files should be owned by root, not tomcat3.
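Added example, not part of the original report or of the Tomcat packaging: a POSIX shell check that lists every path under a configuration directory that the service account could modify, which is the condition reported above. The function names find_writable_conf and audit_conf are hypothetical; the tomcat3 account and the /etc/tomcat3/conf path in the usage comment are taken from the report.

```shell
#!/bin/sh
# Added example: audit a service's configuration directory for paths the
# service account can rewrite. Function names are hypothetical.

# find_writable_conf SERVICE_USER CONF_DIR
# Prints every path under CONF_DIR (the directory itself included) that is
#   - owned by SERVICE_USER (account name or numeric uid), or
#   - group- or world-writable (flagged conservatively for review).
# Symlinks are skipped for the mode test because their mode bits carry no
# meaning. Directories count: whoever can write to a directory can replace
# the files inside it, even when the files themselves are owned by root.
find_writable_conf() {
    svc_user=$1
    conf_dir=$2
    find "$conf_dir" \( -user "$svc_user" -o \
        \( ! -type l \( -perm -0020 -o -perm -0002 \) \) \) -print
}

# audit_conf SERVICE_USER CONF_DIR
# Returns 0 when nothing is flagged, 1 when at least one path is flagged
# (each one is shown with ls -ld), 2 when find itself failed.
audit_conf() {
    findings=$(find_writable_conf "$1" "$2") || return 2
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" | while IFS= read -r path; do
        ls -ld "$path"
    done
    return 1
}

# Usage, with the account and path from the report:
#   audit_conf tomcat3 /etc/tomcat3/conf || echo "service account can edit its own config"
```

A clean result requires the directory and the files to be owned by another account such as root and to carry no group or world write bit.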