subject:"Bug#833257\: Bug#825786\: tomcat8\: postinst script overwrites file permissions in \/etc"

Bug#833257: Bug#825786: tomcat8: postinst script overwrites file permissions in /etc

2016-12-01 Thread Emmanuel Bourg

Le 1/12/2016 à 09:36, Emmanuel Bourg a écrit : > I observed that even when copyXML is false, Tomcat creates an empty > directory per virtualhost under /etc/tomcat8/Catalina (for example > /etc/tomcat8/Catalina/www.example.org). When I made > /etc/tomcat8/Catalina read-only Tomcat didn't complain,

Bug#833257: Bug#825786: tomcat8: postinst script overwrites file permissions in /etc

2016-12-01 Thread Emmanuel Bourg

On Tue, 2 Aug 2016 11:06:56 +0200 Markus Koschany wrote: > Tomcat 8 should not write files into /etc/tomcat8/Catalina. The fact that Tomcat is able to write to /etc/tomcat8/Catalina contributed to the vulnerability described in #845393. This directory is writable because