tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 47507] tomcat-users.xml is rewritten and made world-readable on startup (!)
Date Fri, 10 Jul 2009 16:25:02 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=47507


tutufan@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |




--- Comment #2 from tutufan@gmail.com  2009-07-10 09:25:01 PST ---
Thank you for the quick response.  The 'readonly' option seems to solve my
problem.  It would be handy to have it mentioned on this page:

    http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html


With respect to the umask suggestion, this seems inadequate.  If tomcat really
wants to rewrite this file, it should be rewritten with permissions no looser
than the original permissions.  I'd call this a serious security bug.

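The rewrite behaviour asked for in comment #2 (a new file with permissions no looser than the original, regardless of umask), as an added example that is not Tomcat's code and not part of the original message. It assumes a POSIX filesystem and that the process owns the file; the class name and scratch paths are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public class PreservingRewrite {

    /** Replace target's content without ever exposing it with looser permissions. */
    static void rewrite(Path target, byte[] content) throws IOException {
        // Record the mode the administrator chose before touching anything.
        Set<PosixFilePermission> original = Files.getPosixFilePermissions(target);

        // Create the replacement owner-only (rw-------), independent of the umask,
        // in the same directory so the final rename stays on one filesystem.
        Path tmp = Files.createTempFile(target.toAbsolutePath().getParent(), ".rewrite-", ".tmp",
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
        try {
            Files.write(tmp, content);
            // Restore exactly the original mode; an explicit chmod is not masked by umask.
            Files.setPosixFilePermissions(tmp, original);
            // rename(2) on POSIX: readers see the old file or the new one, never a partial one.
            Files.move(tmp, target, StandardCopyOption.ATOMIC_MOVE);
        } finally {
            Files.deleteIfExists(tmp); // no-op after a successful move
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a scratch users file restricted to its owner.
        Path dir = Files.createTempDirectory("realm-demo");
        Path users = dir.resolve("tomcat-users.xml");
        Files.write(users, "<tomcat-users/>\n".getBytes(StandardCharsets.UTF_8));
        Files.setPosixFilePermissions(users, PosixFilePermissions.fromString("rw-------"));

        rewrite(users, "<tomcat-users><!-- rewritten --></tomcat-users>\n"
                .getBytes(StandardCharsets.UTF_8));

        String mode = PosixFilePermissions.toString(Files.getPosixFilePermissions(users));
        System.out.println(mode);
        if (!mode.equals("rw-------")) throw new IllegalStateException("mode loosened: " + mode);
    }
}
```

The rename gives the file a new inode, so group ownership and ACLs of the original are not carried over by this sketch; only the mode bits are.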