Bug#434762: tomcat5.5: tomcat-users.xml contains sensitive data, yet it is world-readable
Michael Koch
konqueror at gmx.de
Mon Jul 30 11:09:36 UTC 2007
On Sat, Jul 28, 2007 at 11:45:48PM +0200, Marcus Better wrote:
> David Pashley wrote:
> > On Jul 26, 2007 at 20:43, Michael Koch praised the llamas by saying:
> > > On Thu, Jul 26, 2007 at 06:17:28PM +0200, Marcus Better wrote:
> > > > Yes, but /var/lib/tomcat5.5 is not world-readable:
>
> > > I think this is a grave issue because this file contains world readable
> > > passwords, which is clearly a security issue and not minor.
>
> > The file isn't readable by other users, so it isn't grave.
>
> Michael, please confirm if you agree.
I agree. I was fooled by my user being in the adm group.
Sorry.
Cheers,
Michael
--
.''`. | Michael Koch <konqueror at gmx.de>
: :' : | Free Java Developer <http://www.classpath.org>
`. `' |
`- | 1024D/BAC5 4B28 D436 95E6 F2E0 BD11 5923 A008 2763 483B
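
The point settled in this thread, that a world-readable mode on a file does not expose it while an ancestor directory is closed to others, and that testing from an account in a group such as adm gives a misleading answer, can be checked from mode bits alone. This is an added example, not part of the original message or of the Debian package; the function names are hypothetical, and the check ignores ACLs and does not resolve symlinks.

```shell
#!/bin/sh
# Added example: audit from the "other" class's point of view instead of
# testing with your own account (which may be in adm or another group).

# Print the rwxrwxrwx part of a path's mode string (portable, via ls -ld).
perm_bits() {
    ls -ld -- "$1" | cut -c2-10
}

# effectively_world_readable FILE
# Returns 0 only if "other" has r on FILE and x (search) on every ancestor
# directory up to /. Otherwise prints the first blocking component, returns 1.
effectively_world_readable() {
    target=$1
    case $target in
        /*) ;;
        *) target=$(pwd)/$target ;;
    esac
    [ -e "$target" ] || { echo "missing: $target"; return 2; }
    bits=$(perm_bits "$target")
    case $bits in
        ??????r??) ;;   # 7th character is the read bit for "other"
        *) echo "blocked: $target is not readable by others ($bits)"; return 1 ;;
    esac
    dir=$(dirname "$target")
    while :; do
        bits=$(perm_bits "$dir")
        case $bits in
            ????????[xt]) ;;   # 9th character: x, or t (sticky with x)
            *) echo "blocked: $dir is not searchable by others ($bits)"; return 1 ;;
        esac
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    echo "exposed: $target is readable by others"
    return 0
}

# Stand-alone use: sh script.sh /path/to/file
if [ "$#" -gt 0 ]; then effectively_world_readable "$1"; fi
```
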