This is an automated email from the git hooks/post-receive script. ebourg-guest pushed a commit to branch jessie in repository tomcat8.
commit d28c720ec76f020d4a4865931a58aba47f8bfc6b Author: Emmanuel Bourg <[email protected]> Date: Fri Dec 2 10:10:18 2016 +0100 Fixed a privilege escalation when the package is upgraded (Closes: #845393) --- debian/changelog | 2 ++ debian/rules | 6 ++++++ debian/tomcat8.postinst | 2 +- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 6343228..e26eb9c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -25,6 +25,8 @@ tomcat8 (8.0.14-1+deb8u5) UNRELEASED; urgency=medium * Added asm-all.jar to the test classpath to fix TestWebappServiceLoader * Fixed a test failure in the new TestNamingContext test added with the fix for CVE-2016-6797 + * Fixed a privilege escalation when the package is upgraded. + Thanks to Paul Szabo for the report (Closes: #845393) * Test failures are no longer ignored and now stop the build -- Emmanuel Bourg <[email protected]> Tue, 22 Nov 2016 23:21:56 +0100 diff --git a/debian/rules b/debian/rules index 07f3025..16d4dee 100755 --- a/debian/rules +++ b/debian/rules @@ -134,6 +134,12 @@ binary-indep: build install jh_manifest dh_compress dh_fixperms + + # Make the/etc/tomcat8/Catalina/localhost directory writable by the tomcat user + for PACKAGE in tomcat8 tomcat8-admin tomcat8-docs tomcat8-examples; do \ + chmod 775 --verbose debian/$$PACKAGE/etc/tomcat8/Catalina/localhost; \ + done + dh_lintian dh_installdeb dh_gencontrol diff --git a/debian/tomcat8.postinst b/debian/tomcat8.postinst index 20e73c7..6f5d1b9 100644 --- a/debian/tomcat8.postinst +++ b/debian/tomcat8.postinst 
@@ -69,7 +69,7 @@ case "$1" in chown -Rh $TOMCAT8_USER:$TOMCAT8_GROUP /var/lib/tomcat8/webapps /var/lib/tomcat8/lib chmod 775 /var/lib/tomcat8/webapps - chmod 775 /etc/tomcat8/Catalina /etc/tomcat8/Catalina/localhost + chmod 775 /etc/tomcat8/Catalina # Authorize user tomcat8 to open privileged ports via authbind. TOMCAT_UID="`id -u $TOMCAT8_USER`" -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat8.git _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
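Review bot: The new debian/changelog entry names neither the path nor the script involved, so an administrator reading it cannot tell what changed on disk. Suggest extending the bullet to say that the mode of /etc/tomcat8/Catalina/localhost is now set at build time in debian/rules instead of by chmod in tomcat8.postinst.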
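Review bot: In the debian/rules hunk, the for loop over the four packages has no error handling, so a failed chmod on any package other than the last is ignored. The whole loop is one shell command joined by backslashes and its exit status is that of the final iteration. If debian/tomcat8/etc/tomcat8/Catalina/localhost were missing, the build would still succeed and ship a package without the intended mode. Prefix the loop with "set -e;" or append "|| exit 1" to the chmod line. Separately, the comment says the directory is made writable by the tomcat user, but chmod 775 only grants group write. Nothing in this hunk sets the group, and the chown -Rh visible in the postinst context covers only /var/lib/tomcat8/webapps and /var/lib/tomcat8/lib, so the comment should say where the ownership of this directory comes from.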
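Review bot: In the tomcat8.postinst hunk, the surviving "chmod 775 /etc/tomcat8/Catalina" and the context line "chmod 775 /var/lib/tomcat8/webapps" are still run by root at configure time on fixed paths, the same pattern that was just removed for Catalina/localhost. chmod dereferences symbolic links, so each of these is only safe if the parent directory of the target is not writable by $TOMCAT8_USER or $TOMCAT8_GROUP. Either document that invariant next to these lines or move these modes into the package at build time, as debian/rules now does for localhost. It is also worth checking that upgrades from a version where postinst set the mode still end up with 775 on an existing /etc/tomcat8/Catalina/localhost, since nothing in postinst touches it anymore.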

