Bug#845385: Privilege escalation via removal
Markus Koschany
apo at debian.org
Tue Nov 29 22:59:16 UTC 2016
> I don't understand why this is a security issue when
> /etc/tomcat8/Catalina/attack is owned by root:root after the purge and
> the tomcat8 user doesn't even exist anymore.
Nevermind. I missed the "world". However dpkg warns about that
/etc/tomcat8/Catalina is not empty on purge, so the admin will be
informed that something requires his attention. Besides all tomcat
processes are killed on purge.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20161129/14893acf/attachment.sig>
More information about the pkg-java-maintainers
mailing list