Bug#845385: Privilege escalation via removal
Emmanuel Bourg
ebourg at apache.org
Wed Nov 30 13:17:13 UTC 2016
Hi Paul,
Le 23/11/2016 à 01:46, paul.szabo at sydney.edu.au a écrit :
> Might protect against "static" things, but vulnerable to a race.
I'm not sure to understand, what kind of race could happen here?
> But really... why do you care about leaving some "dangling" useless
> object, owned by some long-gone UID or GID?
I don't know the motivations behind this complexity. I can imagine a
case where an administrator switches from tomcat8 to tomcat9 and doesn't
expect the old package to remove files unknown to him so they can be
moved to the configuration directory of the new package.
The upgrade scenario could look like this:
1. Install tomcat8
2. Declare a web application in /etc/tomcat8/Catalina/localhost
3. Uninstall tomcat8
4. Install tomcat9
5. Move /etc/tomcat8/Catalina/localhost/* to /etc/tomcat9/Catalina/localhost
If the step 3 also removes the webapp configuration the administrator is
going to be angry (but arguably less than having his system hacked).
Emmanuel Bourg
More information about the pkg-java-maintainers
mailing list