tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: tomat8.5 write logs with incorret os permission
Date Tue, 09 Aug 2016 16:44:09 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Daniel,

On 8/5/16 10:47 AM, Daniel Savard wrote:
> To me, it appears as false problem. I don't see why the change to
> the permissions on the log file is so critical for the security.
> You can simply set appropriately the permissions on the directory
> where the log files are written if you don't want anyone to look at
> them. You can use ACL if your OS support them. You can use umask to
> change the default behavior.

This is about establishing the most secure Tomcat by default. User-
and group-private log files are a security improvement, albeit small.
Users can easily change the umask as documented if they like the
previous behavior.

I don't think anyone is saying that this particular change makes
Tomcat significantly more secure. We are just saying that it makes it
a little bit more secure. Lots of "little bits" add up. That's why,
with every release, Tomcat gets a little bit more secure in lots of
little places.

> If security of log files is critical for your application, you
> should take time to design the logging appropriately and don't
> expect someone else to take care of all your concerns for you.

Agreed. But having Tomcat as an example of a good way to design
security is good for everyone in the community. We want to protect
people who aren't thinking about security from their own ignorance.

- -chris

> ----------------- Daniel Savard
> 
> 2016-08-05 7:24 GMT-04:00 André Warnier (tomcat) <aw@ice-sa.com>:
> 
>> Hi.
>> 
>> On 05.08.2016 08:00, 韭菜 wrote:
>> 
>>> Definitely a bad idea to relax the default permissions back to
>>> where they
>>>> were.  If you want to expose your own system to abuse, you
>>>> can set umask as documented in the changelog.
>>>> 
>>> Is there a way to like config some param to force tomcat write
>>> logs in old way ?and could you please give me a doc url about
>>> how set umask for tomcat run user ?
>>> 
>>> 
>> You might want to start here :
>> 
>> http://lmgtfy.com/?q=linux+umask+command
>> 
>> Then, you may need to find out which command or shell script, *on
>> your Linux system*, is starting Tomcat, and insert the desired
>> umask command there.
>> 
>> But please consider the remarks made previously by Chuck. 
>> Logfiles may contain information which you do not want to
>> disclose to other than a system administrator.  By making these
>> files widely readable, you weaken the security of your whole
>> server and perhaps much more.
>> 
>> Be aware also, that by setting the umask for the Tomcat process,
>> you are influencing the permissions of *any* file which Tomcat
>> itself, or any Tomcat webapp would create.
>> 
>> 
>> 
>>> 
>>> 
>>> ------------------ Original ------------------ From:
>>> "Caldarale, Charles R"<Chuck.Caldarale@unisys.com>; Date: 2016年
>>> 8月5日(星期五) 中午12:25 To: "Tomcat Users
>>> List"<users@tomcat.apache.org>; Subject: RE: tomat8.5 write
>>> logs with incorret os permission
>>> 
>>> 
>>> 
>>> From: 韭菜 [mailto:jiucai@qq.com]
>>>> Subject: tomat8.5 write logs with incorret os permission
>>>> 
>>> 
>>> When using tomcat8.0, it starts and write logs as follows:
>>>> (apache-tomcat-8.0.x) -rw-rw-r-- 1 app app 873710 Aug  4
>>>> 20:08 catalina.log When using tomcat8.5.x (include tomcat
>>>> 9.0.x), it starts and write logs as follows: 
>>>> (apache-tomcat-8.5.4) -rw-r----- 1 app app 100824 Aug  4
>>>> 20:10 catalina.log
>>>> 
>>> 
>>> A highly appropriate change, much needed to prevent untrusted
>>> users from accessing private information in the log.
>>> 
>>> So, tomcat8.5 caused other os users can not read its logs and
>>> webapps
>>>> logs that deployed at tomcat8.5. the logs files should has
>>>> permission 664, not 640.
>>>> 
>>> 
>>> Definitely not a good idea.
>>> 
>>> I thinks it is not good for java webapp devlopers ,  when my
>>> web app
>>>> write logs as data log, the logs files can not rsync by other
>>>> users and hosts.
>>>> 
>>> 
>>> As it should be.
>>> 
>>> but it works at tomcat7.0.x and tomcat8.0.x
>>>> 
>>> 
>>> "Works" is your definition; any site interested at all in
>>> secure operations would consider the old permissions to be
>>> dangerous and broken.
>>> 
>>> So I asked users to require further support for tomcat8.x write
>>> log files
>>>> feature.
>>>> 
>>> 
>>> Definitely a bad idea to relax the default permissions back to
>>> where they were.  If you want to expose your own system to
>>> abuse, you can set umask as documented in the changelog.
>>> 
>>> - Chuck
>>> 
>>> 
>>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
>>> PROPRIETARY MATERIAL and is thus for use only by the intended
>>> recipient. If you received this in error, please contact the
>>> sender and delete the e-mail and its attachments from all
>>> computers.
>>> 
>>> 
>>> --------------------------------------------------------------------
- -
>>>
>>> 
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>> 
>>> 
>> 
>> ---------------------------------------------------------------------
>>
>> 
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>> 
>> 
> 
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJXqghZAAoJEBzwKT+lPKRYvGcP/0rCHVoFB/6j1QzlMlff0ZpG
TZH1RpHoQY+9+gHBR1LZ/ODDMCNzLPXjTPwuxH1SVphO10O8Y/NzMjFbdk/jvCHi
hAtbLGvaK/dDNLbYsDhS2/2DfNQAmWZ/weiB739XXPIiGUl2g+qV/W4D985TP++G
YaOZY7YhtiKbulzYgzYbVn1afh/9AKeSUMDRXE7ShS3asFKv9NNb3wyZ0OLBMLFV
zQQj7CJcGLq7Jb7/Rsbe6tzhIJHFUIEWPuFH7fj7X4vMQBiatiILszYwFxPKSxSF
2rG+IzJeHlS/rZXZ1nJyTJe7fqt8rY69VH9Hw3kIqqIUX2RAPr9Owy1tmVSP84LY
XegYukiPAzPGHW52qBFWKdF811yFcDFoZMDs667Tk1dkNnKzt8S8jhli964jF64H
2gc8nAyxqvODXHkv8wCqE+BN5IaJzN8HbD//9rTOsWUWGYrb7hUZybQlIgk2EAmW
LZsa4X/hJqJzZy7hFj4t9OUZXs887bTmqi/oICN8DQX9+Sx/pqp6EEEyddZo9OLp
OD/PXSB824RBEHreudVYrWs06Gy5KSmBTXwnmVPYF7At6CigraJ+V6Yx+dmpZywZ
lgbgHvKLcY3ZOUmqBk+WtyagvWaQuWoMkhoHel2xP9wSwH9L6A9ztAeGZT8SdJzh
4lZr8iSzk6ELzBC5MMFM
=Ytf2
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message