This is an automated email from the git hooks/post-receive script. ebourg-guest pushed a commit to branch jessie in repository tomcat8.
commit 6dc0272788ec9003b99314634a5a2e2c211e3826 Author: Markus Koschany <[email protected]> Date: Thu Aug 11 22:18:25 2016 +0200 Protect tomcat8.init against symlink attack and possible root privilege escalation --- debian/tomcat8.init | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/debian/tomcat8.init b/debian/tomcat8.init index 774c08a..c6ed51e 100644 --- a/debian/tomcat8.init +++ b/debian/tomcat8.init @@ -170,8 +170,10 @@ catalina_sh() { # Run the catalina.sh script as a daemon set +e - touch "$CATALINA_PID" "$CATALINA_BASE"/logs/catalina.out - chown $TOMCAT8_USER "$CATALINA_PID" "$CATALINA_BASE"/logs/catalina.out + if [ ! -f "$CATALINA_BASE"/logs/catalina.out ]; then + install -o $TOMCAT8_USER -g adm -m 644 /dev/null "$CATALINA_BASE"/logs/catalina.out + fi + install -o $TOMCAT8_USER -g adm -m 644 /dev/null "$CATALINA_PID" start-stop-daemon --start -b -u "$TOMCAT8_USER" -g "$TOMCAT8_GROUP" \ -c "$TOMCAT8_USER" -d "$CATALINA_TMPDIR" -p "$CATALINA_PID" \ -x /bin/bash -- -c "$AUTHBIND_COMMAND $TOMCAT_SH" -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat8.git _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
