> -----Original Message----- > From: Kristj�n R�narsson [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 05, 2002 9:44 AM > To: Tomcat Users List > Subject: RE: Why run tomcat as root > > > That is true enough but those sound like workarounds your option #2 > suggests that Apache does not have this vulnerability of > having to run as > root to access privileged ports and I don�t see why Tomcat > should be any > different. I am still fishing for that simple attribute to > be added to > tomcat, or perhaps the JVM? that would enable tomcat to > somehow reduce > its privilege level after accessing privileged resources like > any proper > standalone server should. I may be simplistic but it seems to > me that this > would be a pretty fundamental ability for a standalone server and the > thougth is just mindblowing that theJVM does not offer > something similar. > I find that hard to believe.
Could not a solution be implemented like the Apache one, where the "work" of Tomcat (the JVM itself) is run by a non-privileged user, but it is connected to Port 80 by a process running as root? It's a question not a statement. Erik -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
