Le 29/11/2016 à 23:45, Markus Koschany a écrit : > I don't understand why this is a security issue when > /etc/tomcat8/Catalina/attack is owned by root:root after the purge and > the tomcat8 user doesn't even exist anymore.
My understanding is that the file is left with execution permissions for all users and setgid root after the purge. Any local user can then take control of the system. Emmanuel Bourg __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.