is there security risk when running tomcat7 on port 80

Question

I have setup a server with tomcat7 running on port 80. I have googled around and found out that since port 80 is a "magic port" it needs root privileges to be bound. For this reason most comments i read state that this is a security risk since tomcat7 does not escalate privileges.

However, what i see on my system is that the user of the process is indeed tomcat7 which means that indeed tomcat does escalate the privileges and drops from root to tomcat user. Is this correct?

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      107        198887      15475/java      

tomcat7:x:107:111::/usr/share/tomcat7:/bin/false

Still despite the fact the process is under tomcat user are there any security risks?

score 0 · Answer 1 · answered Jun 26 '15 at 18:44

0

You don't need root privileges to bind to ports lower than 1000. You will, however, need to modify the tomcat user settings to enable binding to ports lower than 1000.

What distro are you using?

answered Jun 26 '15 at 18:44

ericbond007

76
1
6

is there security risk when running tomcat7 on port 80

1 Answers1