This is an automated email from the git hooks/post-receive script. ebourg-guest pushed a commit to branch jessie in repository tomcat8.
commit f54e32ead68c8dbfe3d9e9f611e7bdfc847721e4 Author: Emmanuel Bourg <[email protected]> Date: Wed Oct 26 16:27:47 2016 +0200 Fixed a race condition in tomcat8.init that could be exploited to chown/chmod any file, thanks to Paul Szabo --- debian/changelog | 8 ++++++++ debian/tomcat8.init | 3 ++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index ae88605..b490eec 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +tomcat8 (8.0.14-1+deb8u4) UNRELEASED; urgency=medium + + * CVE-2016-1240 follow-up: Fixed a race condition in the init.d script + that could be exploited to make any existing file writable by the tomcat + user. Thanks to Paul Szabo for the report and the fix. + + -- Emmanuel Bourg <[email protected]> Sat, 12 Nov 2016 00:34:05 +0100 + tomcat8 (8.0.14-1+deb8u3) jessie-security; urgency=high * Team upload. diff --git a/debian/tomcat8.init b/debian/tomcat8.init index c6ed51e..4daebf5 100644 --- a/debian/tomcat8.init +++ b/debian/tomcat8.init @@ -171,7 +171,8 @@ catalina_sh() { # Run the catalina.sh script as a daemon set +e if [ ! -f "$CATALINA_BASE"/logs/catalina.out ]; then - install -o $TOMCAT8_USER -g adm -m 644 /dev/null "$CATALINA_BASE"/logs/catalina.out + # run install as tomcat8 to work around #841371 + su $TOMCAT8_USER -s /bin/bash -c "install -m 644 /dev/null $CATALINA_BASE/logs/catalina.out" fi install -o $TOMCAT8_USER -g adm -m 644 /dev/null "$CATALINA_PID" start-stop-daemon --start -b -u "$TOMCAT8_USER" -g "$TOMCAT8_GROUP" \ -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat8.git _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
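Review bot: The debian/changelog hunk leaves the new entry as `tomcat8 (8.0.14-1+deb8u4) UNRELEASED; urgency=medium` although the preceding deb8u3 entry targets `jessie-security; urgency=high`; a security follow-up on the jessie branch should carry the same distribution and urgency before upload, so change the header to `jessie-security; urgency=high` (or keep UNRELEASED only until the upload is actually prepared). The entry also never mentions the bug that the init.d hunk's comment refers to (`work around #841371`); add `(Closes: #841371)` to the bullet so the bug is closed by the upload and the changelog and the script comment point at the same report.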
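Review bot: The debian/tomcat8.init hunk silently drops the `-g adm` from the catalina.out creation: the old line `install -o $TOMCAT8_USER -g adm -m 644 /dev/null "$CATALINA_BASE"/logs/catalina.out` produced a tomcat8:adm file, while the new `su $TOMCAT8_USER -s /bin/bash -c "install -m 644 /dev/null $CATALINA_BASE/logs/catalina.out"` produces a file in the tomcat8 user's primary group, so members of adm lose read access to the log unless `$CATALINA_BASE/logs` is setgid adm. Either keep `-g adm` inside the su'd install (which only works if the tomcat8 user is a member of adm) or give the logs directory a setgid adm bit so new files inherit the group; do not add a root-run `chgrp adm` after the su, as that reopens exactly the symlink race this change is meant to close. Two smaller points on the same lines: `$CATALINA_BASE` is now expanded unquoted inside the double-quoted `-c` string and re-parsed by the inner bash, whereas the old line quoted it, so a base path containing whitespace or shell metacharacters breaks; pass it as a positional parameter, e.g. `su $TOMCAT8_USER -s /bin/bash -c 'install -m 644 /dev/null "$0"/logs/catalina.out' "$CATALINA_BASE"`, and quote `"$TOMCAT8_USER"` as the surrounding script does. Also note that the unchanged context line immediately below, `install -o $TOMCAT8_USER -g adm -m 644 /dev/null "$CATALINA_PID"`, still runs install as root with `-o` on a path the daemon later writes to; if the directory holding `$CATALINA_PID` is writable by the tomcat8 user it has the same race, and it would be worth confirming that it is not before considering the fix complete. The `[ ! -f ... ]` test followed by the create is still a check-then-act window, but it is now harmless because install runs as tomcat8 and can only affect files that user could already modify.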

