You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by "Jerome Lacoste (Frisurf)" <la...@frisurf.no> on 2003/01/03 15:47:52 UTC
Re: cvs commit:
jakarta-tomcat-connectors/jk/xdocs/jk workershowto.xml
On Fri, 2003-01-03 at 12:52, Tim Funk wrote:
> wname is the worker name. This name is the name of the worker as defined
> in the JK property config file. Eg:
>
> worker.tomcat1.host=localhost
> ^^^^^^^
>
> For example above: tomcat1 is the worker name.
>
> If someone were to attempt a buffer overflow, they would need write
> access to the Jk config file. (Then have enough permission/patience
> until apache is restarted).
That's what I was thinking of. Bad permissions on the file can create a
risk. It is not likely, but that is one way of getting bigger
privileges. Of course that would mean the admin runs tomcat as root in
order to be exploitable.
> I do not think this is a problem (except for the admin of the box).
OK.
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>