Bug#434762: tomcat5.5: tomcat-users.xml contains sensitive data, yet it is world-readable

Marcus Better marcus at better.se
Sat Jul 28 21:45:48 UTC 2007


David Pashley wrote:
> On Jul 26, 2007 at 20:43, Michael Koch praised the llamas by saying:
> > On Thu, Jul 26, 2007 at 06:17:28PM +0200, Marcus Better wrote:
> > > Yes, but /var/lib/tomcat5.5 is not world-readable:

> > I think this is a grave issue because this file contains world readable
> > passwords, which is clearly a security issue and not minor.

> The file isn't readable by other users, so it isn't grave.

Michael, please confirm if you agree.

Cheers,

Marcus
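The point argued in this thread, that a file whose own mode is world-readable is still out of reach for other users when a parent directory denies them access, sketched as an added example (not part of the original message or of the Debian package). The function name, the temporary directory layout and the modes 0644/0750/0755 are constructed assumptions; only classic mode bits are checked, not ACLs.

```python
import os
import stat
import tempfile


def world_access_blocker(path, base="/"):
    """Return None if the 'other' permission class can read `path`,
    otherwise the first path component below `base` that blocks access.
    Only classic mode bits are checked (no ACLs, no MAC policy)."""
    path, base = os.path.realpath(path), os.path.realpath(base)
    if os.path.commonpath([path, base]) != base:
        raise ValueError("path is not below base")
    rel = os.path.relpath(path, base)
    parts = [] if rel == "." else rel.split(os.sep)
    current = base
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        mode = os.stat(current).st_mode
        last = i == len(parts) - 1
        # Intermediate directories need search (x); the target needs read (r).
        needed = stat.S_IROTH if last else stat.S_IXOTH
        if not mode & needed:
            return current
    return None


def demo():
    # Constructed layout and modes; not taken from the Debian package.
    base = tempfile.mkdtemp()
    conf_dir = os.path.join(base, "tomcat5.5")
    users = os.path.join(conf_dir, "tomcat-users.xml")
    os.mkdir(conf_dir)
    with open(users, "w") as fh:
        fh.write("<tomcat-users/>\n")
    os.chmod(users, 0o644)      # file itself is world-readable
    os.chmod(conf_dir, 0o750)   # parent denies 'other' any access
    closed = world_access_blocker(users, base)
    os.chmod(conf_dir, 0o755)   # one chmod on the parent exposes the file
    opened = world_access_blocker(users, base)
    return os.path.realpath(conf_dir), closed, opened


if __name__ == "__main__":
    conf_dir, closed, opened = demo()
    print("blocked by:", closed)
    print("after chmod 755 on parent, blocked by:", opened)
```

On a real system, call `world_access_blocker` with the default `base="/"` so that every ancestor directory is checked.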