Focus on Sun
Sun Application Server Drop Privs Apr 24 2007 12:11AM
Crist J. Clark (cristclark comcast net) (3 replies)
Re: Sun Application Server Drop Privs Apr 25 2007 12:41PM
haim [howard] roman (roman jct ac il) (1 replies)
Re: Sun Application Server Drop Privs Apr 26 2007 10:54AM
Alexander Klimov (alserkli inbox ru)
On Wed, 25 Apr 2007, haim [howard] roman wrote:
> Regarding (b), even if you run the server as root, you can change the
> owners &/or groups of the files so that non-root users can change them.

It may happen that controlling configuration files is enough to force
the application to do nasty things (e.g., reading /etc/shadow, or even
overwriting it). If an application is run as root, the result can be
that you allow the one who controls the configuration files to do these
nasty things.

If your only problem is the ports, you could run the server on some
other ports (say, 20080 instead of 80) and use ipf to redirect 80 to
20080.

--
Regards,
ASK

RE: Sun Application Server Drop Privs Apr 24 2007 03:41PM
Tony UcedaVelez (tonyuv versprite com)
Re: Sun Application Server Drop Privs Apr 24 2007 03:36PM
Stephen Hauskins (stephen acg ucsc edu)


 

Copyright 2010, SecurityFocus