necouchman commented on a change in pull request #469: GUACAMOLE-890: Security: Allow image to run as non-root user
URL: https://github.com/apache/guacamole-client/pull/469#discussion_r373877390
########## File path: Dockerfile ########## @@ -25,7 +25,7 @@ # such as `--build-arg TOMCAT_JRE=jre8-alpine` # ARG TOMCAT_VERSION=8.5 -ARG TOMCAT_JRE=jre8 +ARG TOMCAT_JRE=jdk8

Review comment: I also don't think a world-writable directory is the right way to go - the directory should have the correct ownership and permissions, not just the ones that work because we've blown everything open. If we're trying to improve security with this issue, making something world-writable seems contradictory to that effort.
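Review bot: The default on the `+ARG TOMCAT_JRE=jdk8` line moves the base image from a JRE to a full JDK with no comment saying what needs it, and a JDK ships compiler and debugging tools that a runtime container does not use, which works against the hardening goal in the PR title. Either keep `jre8` as the default or add a line to the comment block above stating why the JDK is required; the `--build-arg TOMCAT_JRE=jre8-alpine` example in that comment should then be checked so it still describes a supported override.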
