Hmm ... I took a look at the source and noticed that all it takes to tell
Tomcat to shut down is to connect to the Tomcat port and send an ASCII 254
followed by an ASCII 15. Are there any plans in the future to rectify this
or is there already a method in place to provide some sort of authentication
that I don't know about?
- Arcadio
----- Original Message -----
From: "Artigas, Ricardo Y." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, May 23, 2001 9:16 PM
Subject: RE: *** Ordinary users can kill the tomcat server? ***
> It may be because the permission for the shutdown.sh script was granted to
> everyone. Change the permissions for the shutdown script so not everyone
> can execute it. HTH.
>
> :^)
> Ricky Y. Artigas
> Analyst/Programmer /
> Database Administrator
> Information Technology Division
> Easycall Communications Phils., Inc.
> - Easycall Internet -
> 418 Arayat St., Mandaluyong City 1550, Philippines
> Personal WAP Site: http://www.buzzed.co.uk/mobile/?rya
> Company Website: http://www.easycall.com.ph
> Tel.no: (+632) 5338001 ext.6574
> Mobile:(+63) 0917-8951783
> Pager: 141-002955
> Email: [EMAIL PROTECTED]
>
>
> > -----Original Message-----
> > From: Brian George [SMTP:[EMAIL PROTECTED]]
> > Sent: Thursday, May 24, 2001 8:54 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: *** Ordinary users can kill the tomcat server? ***
> >
> > Please UNSUBSCRIBE me.
> >
> > I did not subscribe to this listserve.
> >
> > > -----Original Message-----
> > > From: Arcadio A. Sincero Jr. [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, May 23, 2001 4:55 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: *** Ordinary users can kill the tomcat server? ***
> > >
> > >
> > > Hello list,
> > >
> > > I noticed that even if I start tomcat as root, ordinary users can
> > > simply run the shutdown.sh script themselves and cause it to terminate.
> > > This can't be right, can it? I mean, it doesn't seem like normal users
> > > should be able to kill system services right? Did I do something wrong
> > > in the configuration or is this normal behavior? Thanks.
> > >
> > > - Arcadio
> > >
> > >
>