Daniel,

On 8/5/16 10:47 AM, Daniel Savard wrote:
> To me, it appears as a false problem. I don't see why the change to
> the permissions on the log file is so critical for the security.
> You can simply set appropriately the permissions on the directory
> where the log files are written if you don't want anyone to look at
> them. You can use ACL if your OS supports them. You can use umask to
> change the default behavior.

This is about establishing the most secure Tomcat by default. User-
and group-private log files are a security improvement, albeit small.
Users can easily change the umask as documented if they like the
previous behavior.

I don't think anyone is saying that this particular change makes
Tomcat significantly more secure. We are just saying that it makes it
a little bit more secure. Lots of "little bits" add up. That's why,
with every release, Tomcat gets a little bit more secure in lots of
little places.

> If security of log files is critical for your application, you
> should take time to design the logging appropriately and don't
> expect someone else to take care of all your concerns for you.

Agreed. But having Tomcat as an example of a good way to design
security is good for everyone in the community. We want to protect
people who aren't thinking about security from their own ignorance.

-chris

> -----------------
> Daniel Savard
>
> 2016-08-05 7:24 GMT-04:00 André Warnier (tomcat) <a...@ice-sa.com>:
>
>> Hi.
>>
>> On 05.08.2016 08:00, 韭菜 wrote:
>>
>>>> Definitely a bad idea to relax the default permissions back to
>>>> where they were. If you want to expose your own system to abuse,
>>>> you can set umask as documented in the changelog.
>>>
>>> Is there a way to, like, configure some param to force tomcat to
>>> write logs in the old way? And could you please give me a doc URL
>>> about how to set umask for the tomcat run user?
>>
>> You might want to start here:
>>
>> http://lmgtfy.com/?q=linux+umask+command
>>
>> Then, you may need to find out which command or shell script, *on
>> your Linux system*, is starting Tomcat, and insert the desired
>> umask command there.
>>
>> But please consider the remarks made previously by Chuck.
>> Logfiles may contain information which you do not want to
>> disclose to other than a system administrator. By making these
>> files widely readable, you weaken the security of your whole
>> server and perhaps much more.
>>
>> Be aware also, that by setting the umask for the Tomcat process,
>> you are influencing the permissions of *any* file which Tomcat
>> itself, or any Tomcat webapp would create.
>>
>>> ------------------ Original ------------------
>>> From: "Caldarale, Charles R"<chuck.caldar...@unisys.com>;
>>> Date: Friday, August 5, 2016, 12:25 PM
>>> To: "Tomcat Users List"<users@tomcat.apache.org>;
>>> Subject: RE: tomat8.5 write logs with incorret os permission
>>>
>>>> From: 韭菜 [mailto:jiu...@qq.com]
>>>> Subject: tomat8.5 write logs with incorret os permission
>>>
>>>> When using tomcat8.0, it starts and writes logs as follows:
>>>> (apache-tomcat-8.0.x) -rw-rw-r-- 1 app app 873710 Aug 4 20:08 catalina.log
>>>> When using tomcat8.5.x (including tomcat 9.0.x), it starts and writes logs as follows:
>>>> (apache-tomcat-8.5.4) -rw-r----- 1 app app 100824 Aug 4 20:10 catalina.log
>>>
>>> A highly appropriate change, much needed to prevent untrusted
>>> users from accessing private information in the log.
>>>
>>>> So, tomcat8.5 means other OS users cannot read its logs and the
>>>> logs of webapps deployed on tomcat8.5. The log files should have
>>>> permission 664, not 640.
>>>
>>> Definitely not a good idea.
>>>
>>>> I think it is not good for Java webapp developers: when my web app
>>>> writes logs as data logs, the log files cannot be rsynced by other
>>>> users and hosts.
>>>
>>> As it should be.
>>>
>>>> but it works at tomcat7.0.x and tomcat8.0.x
>>>
>>> "Works" is your definition; any site interested at all in
>>> secure operations would consider the old permissions to be
>>> dangerous and broken.
>>>
>>>> So I asked users to require further support for tomcat8.x write
>>>> log files feature.
>>>
>>> Definitely a bad idea to relax the default permissions back to
>>> where they were. If you want to expose your own system to
>>> abuse, you can set umask as documented in the changelog.
>>>
>>> - Chuck

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
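
The permission difference discussed in this thread (664 on the Tomcat 8.0 log, 640 on the 8.5 log), reproduced with the shell's `umask` as an added example that is not part of the original messages. The function names and the temporary paths are constructed for the demonstration; the directory case shows that the umask applies to everything the process creates, not only log files.

```shell
#!/bin/sh
# Added example (not from the thread): how the process umask decides the
# mode of files a daemon such as Tomcat creates. Paths are temporary and
# constructed for the demo; only POSIX sh, find, mktemp and stat are used.

# Print the octal permission bits of a path (GNU stat, then BSD stat).
octal_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a file (default) or directory under umask $1 and print its mode.
# The subshell keeps the umask change from leaking into the caller.
mode_under_umask() {
    tmp=$(mktemp -d) || return 1
    if [ "${2:-file}" = dir ]; then
        ( umask "$1" && mkdir "$tmp/logs" ) && octal_mode "$tmp/logs"
    else
        ( umask "$1" && : > "$tmp/catalina.log" ) && octal_mode "$tmp/catalina.log"
    fi
    rm -rf "$tmp"
}

# List regular files under $1 that users outside owner and group can read.
world_readable_logs() {
    find "$1" -type f -perm -004 -print | sort
}

# Demo: 0002 reproduces the Tomcat 8.0 listing, 0027 the 8.5 listing.
for m in 0002 0027; do
    printf 'umask %s: file %s, dir %s\n' "$m" \
        "$(mode_under_umask "$m")" "$(mode_under_umask "$m" dir)"
done
```

Running `world_readable_logs` against a log directory after changing the umask shows which existing files still carry the old, wider mode, since a umask only affects files created afterwards.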