[Nottingham] LibreOffice cloud?

Jason Irwin jasonirwin73 at gmail.com
Tue Jan 21 12:04:24 UTC 2014


On 21/01/14 11:20, Duncan wrote:
> An example from the default tomcat7 webapp policy (policy.d/04webapps.policy) is
> the following:
> 
> grant {
> 	...
>     // java.io.tmpdir should be usable as a temporary file directory
>     permission java.util.PropertyPermission "java.io.tmpdir", "read";
>     permission java.io.FilePermission "${java.io.tmpdir}/-", "read,write,delete";
> 
> };
> 
> Which grants read,write,delete access to tmpdir to webapps.
> Great, except my experience as a sysadmin tells me unfettered access to
> tmpdir is a recipe for security holes (eg. the classic "ln -s /etc/passwd
> /tmp/afileyouknowarootprocesswillcreate").
> 
> To understand if that is a problem I would need to audit all webapps to determine
> if having unfettered access to tmpdir (or any other permission) could be abused
> by a user to cause damage or open up my system.  And life is just too short
> for that.
Or tell Tomcat (well, more correctly, Tomcat's JVM) to use a different
location for temp stuff (e.g. /tmp/tomcat-only) and deny it access to
/tmp. There's various ways this can be done, but off the cuff I'd just
add it as an option to the JVMvia JAVA_OPTIONS:
	-Djava.io.tmpdir=/tmp/tomcat-only

-- 
╔═════════════╦══════════════════════════════════════════╗
║ Jason Irwin ║ OpenPGP (GPG/PGP) Public Key: 0xD0C592B1 ║
║             ║ Import from hkp://subkeys.pgp.net        ║
╚═════════════╩══════════════════════════════════════════╝



More information about the Nottingham mailing list