tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 47507] tomcat-users.xml is rewritten and made world-readable on startup (!)
Date Fri, 10 Jul 2009 16:25:02 GMT changed:

           What    |Removed                     |Added
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |

--- Comment #2 from  2009-07-10 09:25:01 PST ---
Thank you for the quick response.  The 'readonly' option seems to solve my
problem.  It would be handy to have it mentioned on this page:

With respect to the umask suggestion, this seems inadequate.  If tomcat really
wants to rewrite this file, it should be rewritten with permissions no looser
than the original permissions.  I'd call this a serious security bug.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message