On Thu, 2002-12-05 at 20:33, Noel J. Bergman wrote:
> Access to ports < 1024 and minimizing root services is a well-understood
> issue for anyone who ought to be using a *nix system, having nothing to do
> with any specific server application.

Restrictions on ports < 1024 and minimizing services running as root are contradictory aspects of the Unix "security model". The right thing to do is for Linux to get rid of this dumb "security" feature, or at least have an option to turn it off, so that a non-root process can bind directly to port 80. The most dangerous data (stuff straight off the net) should be handled at the lowest possible priv level. Right now, Unix requires the most dangerous stuff to be handled at the highest (most dangerous) priv level. Not smart. But there is nothing the Tomcat crew can do about this mis-design.
