Bug#845385: Privilege escalation via removal

Emmanuel Bourg ebourg at apache.org
Tue Nov 29 23:29:23 UTC 2016


On 29/11/2016 at 23:45, Markus Koschany wrote:

> I don't understand why this is a security issue when
> /etc/tomcat8/Catalina/attack is owned by root:root after the purge and
> the tomcat8 user doesn't even exist anymore.

My understanding is that the file is left with execution permissions for
all users and setgid root after the purge. Any local user can then take
control of the system.

Emmanuel Bourg
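
An added example, not part of the original message or of the Debian package: a post-purge audit that lists regular files under a leftover configuration directory that still carry a setuid or setgid bit and are executable by all users, the condition described above. The function name is hypothetical, and the default directory is taken from the path quoted in the thread.

```python
import os
import stat
import sys


def find_privileged_leftovers(root):
    """Return (path, mode string, uid, gid) for every regular file under
    root that has setuid or setgid set and is executable by 'other'."""
    hits = []
    # A missing directory simply yields no results (clean purge).
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow a planted symlink
            if not stat.S_ISREG(st.st_mode):
                continue
            special = st.st_mode & (stat.S_ISUID | stat.S_ISGID)
            if special and (st.st_mode & stat.S_IXOTH):
                hits.append((path, stat.filemode(st.st_mode),
                             st.st_uid, st.st_gid))
    return sorted(hits)


if __name__ == "__main__":
    # Default target is the directory named in the bug report.
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/tomcat8"
    for path, mode, uid, gid in find_privileged_leftovers(target):
        print(f"{mode} uid={uid} gid={gid} {path}")
```

A hit with gid=0 is the case raised in the message: a setgid root file that any local user can execute.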


