Hallo,
I'm using
Java(TM) SE Runtime Environment 1.6.0_20-b02 Java HotSpot(TM) 64-Bit
Server VM)
Apache Tomcat/6.0.26 (vanilla)
is there a way to chroot each webapp in its actual context?
Using a code like this:
Process p = Runtime.getRuntime().exec("cat /etc/passwd");
OutputStream os = p.getOutputStream();
InputStream in = p.getInputStream();
DataInputStream dis = new DataInputStream(in);
String disr = dis.readLine();
while ( disr != null ) {
out.println(disr);
disr = dis.readLine();
}
}
i can read my /etc/passwd from a malicious jsp.
Where can i find infos on limiting filesystem access / visibility ?
Is there a way to "obscure" all the unnecessary details from each
webapp? (maybe, choosing the permission on <Context> bases...).
Thanks.
Luca Gervasi
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
