DO NOT REPLY [Bug 47507] New: tomcat-users.xml is rewritten and made world-readable on startup (!)

bugzilla Fri, 10 Jul 2009 08:33:56 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=47507


           Summary: tomcat-users.xml is rewritten and made world-readable
                    on startup (!)
           Product: Tomcat 5
           Version: 5.5.23
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: tutu...@gmail.com


The file tomcat-users.xml, which may/does contain password information, is made
world-readable on startup, perhaps as a side effect of being rewritten.  The
rewriting itself seems like a bug (why is this being done?), but chmod'ing the
file to be world-readable is a serious security problem.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

DO NOT REPLY [Bug 47507] New: tomcat-users.xml is rewritten and made world-readable on startup (!)

Reply via email to