Hi calder,
> On 13.05.2020 at 04:59, calder <calder....@gmail.com> wrote:
>
> On Tue, May 12, 2020, 21:48 kohmoto <kohm...@iris.eonet.ne.jp> wrote:
>
>> Hi, Calder,
>>
>> Thank you for your prompt reply.
>> I think Tomcat binary files all have root privileges.
>> Should these privileges be changed to user privileges?
>>
>
> Yes.

I would suggest leaving the binaries and maybe even the config files owned by root or any other admin, so a hacked Tomcat process running under the tomcat user will not be able to exchange the config or even the binaries. That will only work if the config is not changed via host-manager or programmatically. In the past we even held the installed webapps under a different user, but that may be difficult in automated deployments.

My 2cts.

Peter

> There is a "Tomcat Security" guide at the Tomcat website. Also, Mulesoft
> has a good guide
> https://www.mulesoft.com/tcat/tomcat-security
>
> Yours truly,
>> Kazuhiko Kohmoto
>>
>> On 2020/05/13 11:17, calder wrote:
>>> If TC, running as root, is ever compromised, the compromising user
>>> (attacker) can gain access to the whole of the system. The attacker
>>> could execute any arbitrary command available on the system. They could
>>> remove files, or install malicious software.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
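The ownership split Peter describes (binaries and config owned by an admin account and read-only for the service account, webapps under a separate deploy account, only the runtime directories writable by Tomcat), written out as an added example. This is not code from the thread or from the Tomcat project. It assumes a standard CATALINA_HOME tree (bin, conf, lib, webapps, logs, temp, work), POSIX find/chmod and Linux getent; the account names tomcat, root and deploy are illustrative parameters, as are the helper names apply_layout, audit_layout and own.

```shell
#!/bin/sh
# Added example, not code from the thread or from Tomcat: lay out a
# CATALINA_HOME so that the account Tomcat runs as (SERVICE_USER) can read
# but never modify the binaries, libraries and configuration, while it keeps
# write access to the runtime directories it actually needs.
# apply_layout() sets the modes (and the owners, when run as root);
# audit_layout() reports anything under the admin-owned directories that the
# service account could still write to.
# Assumed: standard CATALINA_HOME tree, POSIX find/chmod, Linux getent.
# Account names (tomcat, root, deploy) are parameters, not fixed values.

# own OWNER:GROUP DIR  -- chown recursively, but only when running as root and
# the named user and group exist; otherwise just report what would be done.
own() {
    spec=$1; dir=$2
    if [ "$(id -u)" -eq 0 ] && id "${spec%%:*}" >/dev/null 2>&1 \
       && getent group "${spec##*:}" >/dev/null 2>&1; then
        chown -R "$spec" "$dir"
    else
        echo "skip (not root or account missing): chown -R $spec $dir" >&2
    fi
}

# apply_layout CATALINA_HOME SERVICE_USER [ADMIN_USER] [DEPLOY_USER]
apply_layout() {
    home=$1; svc=$2; adm=${3:-root}; dep=${4:-$adm}
    # bin, conf, lib: owned by the admin, group = service account, and no
    # write bit for group or world (750 dirs, 640 files, 750 for scripts).
    for d in bin conf lib; do
        [ -d "$home/$d" ] || continue
        own "$adm:$svc" "$home/$d"
        find "$home/$d" -type d -exec chmod 750 {} +
        find "$home/$d" -type f -exec chmod 640 {} +
    done
    if [ -d "$home/bin" ]; then
        find "$home/bin" -type f -name '*.sh' -exec chmod 750 {} +
    fi
    # webapps: owned by the deploy account, readable by the service group.
    # Caveat: Tomcat can then neither unpack WARs nor accept manager-app
    # deployments here, so ship expanded directories or set unpackWARs="false".
    if [ -d "$home/webapps" ]; then
        own "$dep:$svc" "$home/webapps"
        find "$home/webapps" -type d -exec chmod 750 {} +
        find "$home/webapps" -type f -exec chmod 640 {} +
    fi
    # logs, temp, work: the only places the service account needs to write.
    for d in logs temp work; do
        [ -d "$home/$d" ] || continue
        own "$svc:$svc" "$home/$d"
        chmod 750 "$home/$d"
    done
}

# audit_layout CATALINA_HOME SERVICE_USER
# Lists every path under bin/conf/lib that is group- or world-writable, or
# owned by the service account (when that account exists on this host).
# Returns 0 when nothing is listed, 1 otherwise.
audit_layout() {
    home=$1; svc=$2
    owner_test=""
    if id "$svc" >/dev/null 2>&1; then owner_test="-o -user $svc"; fi
    bad=""
    for d in bin conf lib; do
        [ -d "$home/$d" ] || continue
        # owner_test is intentionally unquoted so it splits into find args
        hits=$(find "$home/$d" \( -perm -020 -o -perm -002 $owner_test \) -print)
        [ -n "$hits" ] && bad="$bad$hits
"
    done
    [ -z "$bad" ] && return 0
    printf '%s' "$bad" | sed "s/^/writable by $svc: /"
    return 1
}
```

On a real install run apply_layout as root (for example `apply_layout /opt/tomcat tomcat root deploy`) and then `audit_layout /opt/tomcat tomcat` from cron or a config-check job; a non-empty listing means a compromised Tomcat process could rewrite something it should only read. The audit checks mode bits and ownership only, so it will not notice a config that Tomcat rewrites through host-manager or StoreConfig; that path has to be disabled separately, as Peter's caveat says.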