On Jul 26, 2007 at 20:43, Michael Koch praised the llamas by saying:
> On Thu, Jul 26, 2007 at 06:17:28PM +0200, Marcus Better wrote:
> > severity 434762 minor
> > thanks
> >
> > > /var/lib/tomcat5.5/conf/tomcat-users.xml comes with file permissions
> > > 644.
> >
> > Yes, but /var/lib/tomcat5.5 is not world-readable:
> >
> > ~$ ls -ld /var/lib/tomcat5.5/conf
> > drwxr-x--- 3 tomcat55 adm 4096 2007-07-26 09:08 /var/lib/tomcat5.5/conf/
> >
> > Still we could change the file permissions to be on the safe side.
>
> I think this is a grave issue because this file contains world readable
> passwords, which is clearly a security issue and not minor.
>
>

mojo-jojo david% less /var/lib/tomcat5.5/conf/tomcat-users.xml
/var/lib/tomcat5.5/conf/tomcat-users.xml: Permission denied
[EMAIL PROTECTED]:~# ls -l /var/lib/tomcat5.5/conf/ -d
drwxr-x--- 3 tomcat55 adm 4096 2007-07-17 19:39 /var/lib/tomcat5.5/conf//
[EMAIL PROTECTED]:~# ls -l /var/lib/tomcat5.5/conf/
...
-rw-r--r-- 1 tomcat55 nogroup 310 2007-07-17 19:39 tomcat-users.xml
...

The file isn't readable by other users, so it isn't grave.

-- 
David Pashley
[EMAIL PROTECTED]
Nihil curo de ista tua stulta superstitione.
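
The question argued in this thread, whether a 644 file under a 750 directory is readable by other users, written as a shell check; this is an added example and not part of the original messages. `other_bits`, `world_readable` and its optional TOP argument are names introduced here, the demo tree is constructed, and only mode bits are examined (no ACLs or MAC policy).

```shell
#!/bin/sh
# Added example: can a user outside the owner/group classes read FILE?
# Mode bits only; ACLs and MAC policy (SELinux, AppArmor) are not considered.

# Print the three "other" permission characters of PATH, e.g. "r--".
other_bits() {
    # ls -ld mode string: 1 type char, then user, group, other triplets
    ls -ld "$1" | cut -c8-10
}

# world_readable FILE [TOP]
# Returns 0 if FILE has o+r and every directory from FILE's parent up to
# TOP (default /) has o+x; 1 otherwise. FILE must be an absolute path.
# TOP is a convenience of this example for checking a subtree.
world_readable() {
    wr_file=$1
    wr_top=${2:-/}
    case $wr_file in /*) ;; *) return 2 ;; esac
    case $(other_bits "$wr_file") in r??) ;; *) return 1 ;; esac
    wr_dir=$(dirname "$wr_file")
    while :; do
        # x = search allowed; t = sticky bit plus search
        case $(other_bits "$wr_dir") in ??[xt]) ;; *) return 1 ;; esac
        if [ "$wr_dir" = "$wr_top" ] || [ "$wr_dir" = / ]; then break; fi
        wr_dir=$(dirname "$wr_dir")
    done
    return 0
}

# Constructed demo tree using the modes quoted in the thread:
# conf/ is 750, tomcat-users.xml is 644.
demo() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/conf"
    : > "$base/conf/tomcat-users.xml"
    chmod 755 "$base"
    chmod 644 "$base/conf/tomcat-users.xml"
    chmod 750 "$base/conf"
    if world_readable "$base/conf/tomcat-users.xml" "$base"; then
        echo "conf 750, file 644: reachable by other"
    else
        echo "conf 750, file 644: blocked by the directory"
    fi
    chmod 755 "$base/conf"   # what a later directory mode change would expose
    if world_readable "$base/conf/tomcat-users.xml" "$base"; then
        echo "conf 755, file 644: reachable by other"
    fi
    rm -rf "$base"
}
demo
```

Run it as root or as the owning user, since listing a file inside a 750 directory already requires search permission on that directory.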