Enterprise Unix Roundup: An Odd Win for Desktop Linux Page 2
Sun has patched the gzip included with Solaris to fix a directory traversal bug that might allow a malicious user to extract files from a gzip archive to an arbitrary location in the filesystem.
Bugs in gzip could allow for a denial of service attack. Patches are in from Ubuntu and Debian. The original advisory, rated as "moderately critical," notes that the only fix, if your distributor or vendor hasn't released a patch, is to "restrict use of applications using the zlib library to only process input from trusted sources." If you're not sure whether an app you're using utilizes zlib, here's a list. It's long and includes several server-side apps.
Tips of the Trade
If you're looking for a lightweight, embeddable, yet feature-full HTTP server for your next Web application server project, take a good look at Jetty. Jetty is a very customizable server that can run as a nice, simple, lightweight standalone HTTP server. It can be used as a Web application server. And it can be embedded in Java applications to include both HTTP and Servlet functions, like running Apache and Tomcat, but with less complexity. This means you can build and deliver completely integrated Web application servers that do not require users to run and maintain a separate Web server. And they can be trimmed down for embedded systems and handheld devices.
Jetty is more than ready for the enterprise, as it integrates nicely with J2EE application servers like Geronimo and JBoss. Because it is written in 100 percent Java, it is platform-independent. Jetty is also useful as a platform for developing a consistent, cross-platform graphical interface.
Getting started with Jetty is simple. Download and install the sources from jetty.mortbay.org/jetty/download.html. Then run the included demo. You should find some files like these:
# java -jar start.jar /etc/admin.xml /etc/demo.xml
Jetty supports pretty much everything: CGI, JSP and XML. It is J2EE compliant, and it does clustering and load balancing. It is free of cost and open source software, licensed under the Apache 2.0 License. Visit jetty.mortbay.org for downloads and tutorials.
Carla Schroder writes the Tips of the Trade section of Enterprise Unix Roundup. She also appears on Enterprise Networking Planet and Linux Planet, covering Linux from the desktop to the server room, and is the author of the Linux Cookbook.