On 14/10/2011 16:15, Mark H. Wood wrote:
> This I can agree with. They don't allow application managers
> access to Tomcat's config., but anyone can drop stuff into
> /etc/init.d, whence it will run as root? Really? Something is not
> right here.

Is it just me, or is the simple privilege escalation attack that this makes possible the quickest way to solve this? :)

Granted, it isn't the best way to solve it but boy would I be tempted in your shoes.

Mark