Hallo, I'm using Java(TM) SE Runtime Environment 1.6.0_20-b02 Java HotSpot(TM) 64-Bit Server VM) Apache Tomcat/6.0.26 (vanilla)
is there a way to chroot each webapp in its actual context? Using a code like this: Process p = Runtime.getRuntime().exec("cat /etc/passwd"); OutputStream os = p.getOutputStream(); InputStream in = p.getInputStream(); DataInputStream dis = new DataInputStream(in); String disr = dis.readLine(); while ( disr != null ) { out.println(disr); disr = dis.readLine(); } } i can read my /etc/passwd from a malicious jsp. Where can i find infos on limiting filesystem access / visibility ? Is there a way to "obscure" all the unnecessary details from each webapp? (maybe, choosing the permission on <Context> bases...). Thanks. Luca Gervasi --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org