Emmanuel wrote:
>> Might protect against "static" things, but vulnerable to a race.
> I'm not sure I understand: what kind of race could happen here?
Hmm... You suggested some chmod before chown. Your attacker sits tight,
waits for the chmod, then creates the "bad thing" in readiness for your
ch
On 30.11.2016 14:17, Emmanuel Bourg wrote:
> On 22/11/2016 at 23:35, Paul Szabo wrote:
>
>> Then if the tomcat8 package is removed (purged?), the postrm script runs
>> chown -Rhf root:root /etc/tomcat8/
>> and that will leave the file world-writable, setgid root
>
> What about switching the f
On 22/11/2016 at 23:35, Paul Szabo wrote:
> Then if the tomcat8 package is removed (purged?), the postrm script runs
> chown -Rhf root:root /etc/tomcat8/
> and that will leave the file world-writable, setgid root
What about switching the files left to nobody:nogroup instead of
root:root? That
Hi Paul,
On 23/11/2016 at 01:46, paul.sz...@sydney.edu.au wrote:
> Might protect against "static" things, but vulnerable to a race.
I'm not sure I understand: what kind of race could happen here?
> But really... why do you care about leaving some "dangling" useless
> object, owned by some l
On 30/11/2016 at 00:20, Markus Koschany wrote:
> rm -rf /etc/tomcat8
>
> I mean purge means purge. Remove all files, don't leave anything behind.
That's tempting but I wonder if we aren't missing something.
Other packages are installing things under /etc/tomcat8, for example
solr-tomcat and j
On 29/11/2016 at 23:45, Markus Koschany wrote:
> I don't understand why this is a security issue when
> /etc/tomcat8/Catalina/attack is owned by root:root after the purge and
> the tomcat8 user doesn't even exist anymore.
My understanding is that the file is left with execution permissions for
I think the solution is quite simple.
Let's replace
chown -Rhf root:root /etc/tomcat8/ || true
with
rm -rf /etc/tomcat8
I mean purge means purge. Remove all files, don't leave anything behind.
As another improvement suggestion for Tomcat 9, we could stop deleting
the tomcat user on purge and
> I don't understand why this is a security issue when
> /etc/tomcat8/Catalina/attack is owned by root:root after the purge and
> the tomcat8 user doesn't even exist anymore.
Never mind. I missed the "world". However dpkg warns about that
/etc/tomcat8/Catalina is not empty on purge, so the admin wi
On Wed, 23 Nov 2016 09:35:34 +1100 Paul Szabo wrote:
> Package: tomcat8
> Version: 8.0.14-1+deb8u4
> Severity: critical
> Tags: security
>
> Having installed tomcat8, the directory /etc/tomcat8/Catalina is set
> writable by group tomcat8, as per the postinst script. Then the tomcat8
> user, in th
Dear Emmanuel,
> Do you think running something like "chmod -R 640 /etc/tomcat8" right
> before the chown is an appropriate solution to this issue?
Might protect against "static" things, but vulnerable to a race.
Your postrm script might want to kill all tomcat8 processes, also.
That might be a
Hi Paul,
Thank you very much for reporting this issue. I confirm this happens
when purging the package only. The offending chown was first introduced
in the tomcat6 package 6 years ago [1] as part of the fix for #567548.
The same issue is also found in the tomcat7 package.
Do you think running so
Package: tomcat8
Version: 8.0.14-1+deb8u4
Severity: critical
Tags: security
Having installed tomcat8, the directory /etc/tomcat8/Catalina is set
writable by group tomcat8, as per the postinst script. Then the tomcat8
user, in the situation envisaged in DSA-3670 and DSA-3720, see also
http://secl