Am 23.06.2014 08:58, schrieb Alon Bar-Lev: > > > ----- Original Message ----- >> From: "Sven Kieske" <s.kie...@mittwald.de> >> To: users@ovirt.org >> Sent: Monday, June 23, 2014 9:48:36 AM >> Subject: Re: [ovirt-users] Problem with reporting >> >> This is somewhat..insecure. >> >> In which ovirt version was this changed to /var/lib, shouldn't this >> qualify for an >> cve entry? I didn't see any security notification coming up for this. > > why insecure? > > /var/lib/ovirt-engine is secure at the same level of /var/tmp/ovirt-engine
Please correct me if I'm wrong but on my CentOS 6.5 /var/tmp/ is world writeable whereas /var/lib/ is not. So any malicious content on this machine could modify the ovirt jboss instance, or not? > it was moved to avoid automatic tools that assumes that assume that a file > can deleted if had not been modified for x days. > >> >> Am 23.06.2014 08:27, schrieb Alon Bar-Lev: >>> his is the deployment location.... jboss is managing its "deployments" in a >>> place in which it can write files, so we set it to /var/tmp >> >> -- >> Mit freundlichen Grüßen / Regards >> >> Sven Kieske >> >> Systemadministrator >> Mittwald CM Service GmbH & Co. KG >> Königsberger Straße 6 >> 32339 Espelkamp >> T: +49-5772-293-100 >> F: +49-5772-293-333 >> https://www.mittwald.de >> Geschäftsführer: Robert Meyer >> St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen >> Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users >> > > > -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH & Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users