Lucid Lynx authbind defaults too restrictive
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
tomcat6 (Ubuntu) | Fix Released | Wishlist | Thierry Carrez |
Bug Description
Binary package hint: tomcat6
Description: Ubuntu 10.04 LTS
Release: 10.04
package: tomcat6 version 6.0.24-2ubuntu1
Bug:
To use Tomcat6 on a port below 1023, one has to use authbind. However, /etc/authbind/
0.0.0.0/32:1,1023
Which means it's possible to bind to ALL interfaces, but rules out binding to specific addresses (using Tomcat's <Connector address=...> mechanism). This seems to be incorrect; surely the latter is inherently part of the former and should also be allowed.
I would suggest changing it to
0.0.0.0/0:1,1023
Or, at the very least, to amend the comments in /etc/defaults/
Otherwise, one can spend a very long time trying to find out why one gets "Protocol handler start failed: java.net.
Changed in tomcat6 (Ubuntu):
importance: Undecided → Wishlist
status: New → Confirmed
Changed in tomcat6 (Ubuntu):
importance: Wishlist → Medium
status: Confirmed → Triaged
Tom:
That is in fact the behaviour I meant to configure authbind to allow -- I wanted to allow the Tomcat JVM to bind to privileged ports on any address on any NIC of the machine on which Tomcat runs. So, a network prefix of 0 is what it should use, instead of 32. Thanks for spotting that!
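
The difference between the two prefixes discussed above, as an added example that is not part of the bug report or of authbind's own code. It models only the `addr/length:portmin,portmax` rule form quoted in the report and assumes a rule matches when the bind address falls inside the network and the port inside the range; the bind attempts and the narrow rule are constructed samples.

```python
import ipaddress

# Rules in the "addr/length:portmin,portmax" form quoted in the report.
SHIPPED_RULE = "0.0.0.0/32:1,1023"   # default described in the report
PROPOSED_RULE = "0.0.0.0/0:1,1023"   # change suggested in the report
# Constructed alternative: a single documentation address and a single port.
NARROW_RULE = "192.0.2.10/32:443,443"


def parse_rule(line):
    """Split a rule line into (network, port_min, port_max)."""
    net_part, port_part = line.strip().split(":")
    port_min, port_max = (int(p) for p in port_part.split(","))
    # strict=True makes this model reject an address with bits set
    # beyond the prefix length (an assumption of this example).
    return ipaddress.ip_network(net_part, strict=True), port_min, port_max


def rule_permits(line, bind_addr, bind_port):
    """True if the rule covers this bind address and port."""
    network, port_min, port_max = parse_rule(line)
    return (ipaddress.ip_address(bind_addr) in network
            and port_min <= bind_port <= port_max)


def audit(rules, binds):
    """Map each rule to the list of bind attempts it would permit."""
    return {rule: [b for b in binds if rule_permits(rule, *b)]
            for rule in rules}


# Constructed bind attempts: wildcard, a specific NIC address, loopback.
SAMPLE_BINDS = [("0.0.0.0", 80), ("192.0.2.10", 443), ("127.0.0.1", 80)]

if __name__ == "__main__":
    rules = [SHIPPED_RULE, PROPOSED_RULE, NARROW_RULE]
    for rule, allowed in audit(rules, SAMPLE_BINDS).items():
        print(f"{rule:24} permits {allowed}")
```

The `/0` rule grants the Tomcat user every privileged port on every address of the host; where a Connector binds to one known address, a rule scoped to that address and port keeps the grant narrower.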