Bug#833257: Bug#825786: tomcat8: postinst script overwrites file permissions in /etc

2016-12-01 Thread Emmanuel Bourg 
Le 1/12/2016 à 09:36, Emmanuel Bourg a écrit :

> I observed that even when copyXML is false, Tomcat creates an empty
> directory per virtualhost under /etc/tomcat8/Catalina (for example
> /etc/tomcat8/Catalina/www.example.org). When I made
> /etc/tomcat8/Catalina read-only Tomcat didn't complain, no error was
> reported in the logs.

Actually Tomcat did log an error message:

  SEVERE [Catalina-startStop-1] 
org.apache.catalina.startup.HostConfig.beforeStart
  Unable to create directory for deployment: /etc/tomcat8/Catalina/localhost

But there is no other impact, the server works fine.

The message can be disabled by setting the createDirs attribute
of the Host element to false (it's true by default).

http://tomcat.apache.org/tomcat-8.5-doc/config/host.html#Common_Attributes

  "createDirs: If set to true, Tomcat will attempt to create
  the directories defined by the attributes appBase and xmlBase
  during the startup phase. The default value is true. If set
  to true, and directory creation fails, an error message will
  be printed out but will not halt the startup sequence."

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#833257: Bug#825786: tomcat8: postinst script overwrites file permissions in /etc

2016-12-01 Thread Emmanuel Bourg 
On Tue, 2 Aug 2016 11:06:56 +0200 Markus Koschany  wrote:

> Tomcat 8 should not write files into /etc/tomcat8/Catalina.

The fact that Tomcat is able to write to /etc/tomcat8/Catalina
contributed to the vulnerability described in #845393.

This directory is writable because Tomcat copies the context.xml files
of the web applications there. This is controlled by the copyXML
attribute of the Host element in server.xml which is false by default. I
suspect this feature is rarely used, so we could simply make the
/etc/tomcat8/Catalina directory read-only for the tomcat8 user. That
would solve this bug and the #845393 vulnerability. If the administrator
wants to set copyXML to true, he will have to adjust the permissions of
the directory.

I observed that even when copyXML is false, Tomcat creates an empty
directory per virtualhost under /etc/tomcat8/Catalina (for example
/etc/tomcat8/Catalina/www.example.org). When I made
/etc/tomcat8/Catalina read-only Tomcat didn't complain, no error was
reported in the logs.

Emmanuel Bourg

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.