On 29/11/2016 at 23:45, Markus Koschany wrote:
> I don't understand why this is a security issue when
> /etc/tomcat8/Catalina/attack is owned by root:root after the purge and
> the tomcat8 user doesn't even exist anymore.
My understanding is that the file is left with execution permissions for
all users and setgid root after the purge. Any local user can then take
control of the system.