On Thu, Jul 26, 2007 at 06:17:28PM +0200, Marcus Better wrote: > severity 434762 minor > thanks > > > /var/lib/tomcat5.5/conf/tomcat-users.xml comes with file permissions > > 644. > > Yes, but /var/lib/tomcat5.5 is not world-readable: > > ~$ ls -ld /var/lib/tomcat5.5/conf > drwxr-x--- 3 tomcat55 adm 4096 2007-07-26 09:08 /var/lib/tomcat5.5/conf/ > > Still we could change the file permissions to be on the safe side.
I think this is a grave issue because this file contains world readable passwords, which is clearly a security issue and not minor. Cheers, Michael _______________________________________________ pkg-java-maintainers mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers
