[tomcat8] 02/06: Protect tomcat8.init against symlink attack and possible root privilege
Markus Koschany
apo at moszumanska.debian.org
Mon Aug 15 16:12:38 UTC 2016
This is an automated email from the git hooks/post-receive script.
apo pushed a commit to branch jessie
in repository tomcat8.
commit 9a9fd4f1cae13304beed6d4e445d1be8a3917fe0
Author: Markus Koschany <apo at debian.org>
Date: Thu Aug 11 22:18:25 2016 +0200
Protect tomcat8.init against symlink attack and possible root privilege
escalation
---
debian/tomcat8.init | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/debian/tomcat8.init b/debian/tomcat8.init
index 774c08a..c6ed51e 100644
--- a/debian/tomcat8.init
+++ b/debian/tomcat8.init
@@ -170,8 +170,10 @@ catalina_sh() {
# Run the catalina.sh script as a daemon
set +e
- touch "$CATALINA_PID" "$CATALINA_BASE"/logs/catalina.out
- chown $TOMCAT8_USER "$CATALINA_PID" "$CATALINA_BASE"/logs/catalina.out
+ if [ ! -f "$CATALINA_BASE"/logs/catalina.out ]; then
+ install -o $TOMCAT8_USER -g adm -m 644 /dev/null "$CATALINA_BASE"/logs/catalina.out
+ fi
+ install -o $TOMCAT8_USER -g adm -m 644 /dev/null "$CATALINA_PID"
start-stop-daemon --start -b -u "$TOMCAT8_USER" -g "$TOMCAT8_GROUP" \
-c "$TOMCAT8_USER" -d "$CATALINA_TMPDIR" -p "$CATALINA_PID" \
-x /bin/bash -- -c "$AUTHBIND_COMMAND $TOMCAT_SH"
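Review bot: The guard `[ ! -f "$CATALINA_BASE"/logs/catalina.out ]` follows symlinks, so a catalina.out that is a symlink to an existing regular file passes the test and is left in place rather than replaced. If the logs directory is writable by the Tomcat account (not visible in this hunk), a stricter test would be `if [ -L "$CATALINA_BASE"/logs/catalina.out ] || [ ! -f "$CATALINA_BASE"/logs/catalina.out ]; then`, which lets install replace the link with a plain file (GNU install removes an existing destination first, as far as I know; worth confirming on the target system), though sites that deliberately symlink the log elsewhere would need to be considered. Both install lines also pass `$TOMCAT8_USER` unquoted while the start-stop-daemon call below quotes it; `-o "$TOMCAT8_USER"` would be consistent. Because this runs under `set +e`, a failed install goes unnoticed and the daemon is started anyway, so checking its exit status may be worthwhile. The body of catalina_sh starts and ends outside the hunk.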
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat8.git