Bug#845385: Privilege escalation via removal
Emmanuel Bourg
ebourg at apache.org
Tue Nov 29 23:29:23 UTC 2016
Le 29/11/2016 à 23:45, Markus Koschany a écrit :
> I don't understand why this is a security issue when
> /etc/tomcat8/Catalina/attack is owned by root:root after the purge and
> the tomcat8 user doesn't even exist anymore.
My understanding is that the file is left with execution permissions for
all users and setgid root after the purge. Any local user can then take
control of the system.
Emmanuel Bourg
More information about the pkg-java-maintainers
mailing list