On Fri, 2003-01-03 at 12:52, Tim Funk wrote:
> wname is the worker name. This name is the name of the worker as defined
> in the JK property config file. Eg:
>
> worker.tomcat1.host=localhost
>        ^^^^^^^
>
> For example above: tomcat1 is the worker name.
>
> If someone were to attempt a buffer overflow, they would need write
> access to the Jk config file. (Then have enough permission/patience
> until apache is restarted).

That's what I was thinking of. Bad permissions on the file can create a risk. It is not likely, but that is one way of getting bigger privileges. Of course that would mean the admin runs tomcat as root in order to be exploitable.

> I do not think this is a problem (except for the admin of the box).

OK.
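
The condition discussed in this thread (who can write the JK config file, and what worker names it defines) can be checked mechanically. The following is an added example, not code from the thread or from the Tomcat project; the function names, the sample file and the `max_name_len` threshold are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

# worker.<name>.<property>=value, the key layout quoted in the thread
WORKER_KEY = re.compile(r"^\s*worker\.([^.\s=]+)\.[^=\s]+\s*=")

def worker_names(text):
    """Return the distinct worker names defined in JK property text, in order."""
    names = []
    for line in text.splitlines():
        m = WORKER_KEY.match(line)
        if m and m.group(1) not in names:
            names.append(m.group(1))
    return names

def audit_jk_config(path, max_name_len=64):
    """Return a list of findings for the JK config file at `path`.

    max_name_len is an assumed review threshold, not a limit taken from mod_jk.
    """
    findings = []
    # The file and its directory both decide who can change worker names.
    for target in (path, os.path.dirname(os.path.abspath(path))):
        mode = os.stat(target).st_mode
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{target}: writable by group/other ({stat.filemode(mode)})")
    with open(path, encoding="utf-8", errors="replace") as fh:
        for name in worker_names(fh.read()):
            if len(name) > max_name_len:
                findings.append(f"worker name of {len(name)} chars exceeds {max_name_len}")
    return findings

def demo():
    """Audit a constructed config: loose permissions and one over-long name."""
    sample = "worker.tomcat1.host=localhost\nworker." + "A" * 200 + ".host=localhost\n"
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o755)
        path = os.path.join(d, "workers.properties")
        with open(path, "w") as fh:
            fh.write(sample)
        os.chmod(path, 0o666)
        return audit_jk_config(path)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```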