I suggest the file be chmodded to 600 during installation.
I should note this file gets recreated during start-up. The restricted
folder solution is simpler than patching tomcat. If a world readable
tomcat-users.xml isn't acceptable, you could try a user not writable
folder. That would issue a
On Sat, Jul 28, 2007 at 11:45:48PM +0200, Marcus Better wrote:
David Pashley wrote:
On Jul 26, 2007 at 20:43, Michael Koch praised the llamas by saying:
On Thu, Jul 26, 2007 at 06:17:28PM +0200, Marcus Better wrote:
Yes, but /var/lib/tomcat5.5 is not world-readable:
I think this is
David Pashley wrote:
On Jul 26, 2007 at 20:43, Michael Koch praised the llamas by saying:
On Thu, Jul 26, 2007 at 06:17:28PM +0200, Marcus Better wrote:
Yes, but /var/lib/tomcat5.5 is not world-readable:
I think this is a grave issue because this file contains world readable
passwords,
On Thu, Jul 26, 2007 at 06:17:28PM +0200, Marcus Better wrote:
severity 434762 minor
thanks
/var/lib/tomcat5.5/conf/tomcat-users.xml comes with file permissions
644.
Yes, but /var/lib/tomcat5.5 is not world-readable:
~$ ls -ld /var/lib/tomcat5.5/conf
drwxr-x--- 3 tomcat55 adm 4096
severity 434762 minor
thanks
/var/lib/tomcat5.5/conf/tomcat-users.xml comes with file permissions
644.
Yes, but /var/lib/tomcat5.5 is not world-readable:
~$ ls -ld /var/lib/tomcat5.5/conf
drwxr-x--- 3 tomcat55 adm 4096 2007-07-26 09:08 /var/lib/tomcat5.5/conf/
Still we could change the file
Package: tomcat5.5
Severity: grave
Tags: security
Justification: user security hole
/var/lib/tomcat5.5/conf/tomcat-users.xml comes with file permissions
644. I consider this a security problem, because it's all too easy to
add the admin or manager roles while forgetting to change the file
On Jul 26, 2007 at 20:43, Michael Koch praised the llamas by saying:
On Thu, Jul 26, 2007 at 06:17:28PM +0200, Marcus Better wrote:
severity 434762 minor
thanks
/var/lib/tomcat5.5/conf/tomcat-users.xml comes with file permissions
644.
Yes, but /var/lib/tomcat5.5 is not
Processing commands for [EMAIL PROTECTED]:
severity 434762 minor
Bug#434762: tomcat5.5: tomcat-users.xml contains sensitive data, yet it is
world-readable
Severity set to `minor' from `grave'
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking