[Nottingham] LibreOffice cloud?
Jason Irwin
jasonirwin73 at gmail.com
Tue Jan 21 12:04:24 UTC 2014
On 21/01/14 11:20, Duncan wrote:
> An example from the default tomcat7 webapp policy (policy.d/04webapps.policy) is
> the following:
>
> grant {
> ...
> // java.io.tmpdir should be usable as a temporary file directory
> permission java.util.PropertyPermission "java.io.tmpdir", "read";
> permission java.io.FilePermission "${java.io.tmpdir}/-", "read,write,delete";
>
> };
>
> Which grants read,write,delete access to tmpdir to webapps.
> Great, except my experience as a sysadmin tells me unfettered access to
> tmpdir is a recipe for security holes (eg. the classic "ln -s /etc/passwd
> /tmp/afileyouknowarootprocesswillcreate").
>
> To understand if that is a problem I would need to audit all webapps to determine
> if having unfettered access to tmpdir (or any other permission) could be abused
> by a user to cause damage or open up my system. And life is just too short
> for that.
Or tell Tomcat (well, more correctly, Tomcat's JVM) to use a different
location for temp stuff (e.g. /tmp/tomcat-only) and deny it access to
/tmp. There's various ways this can be done, but off the cuff I'd just
add it as an option to the JVMvia JAVA_OPTIONS:
-Djava.io.tmpdir=/tmp/tomcat-only
--
╔═════════════╦══════════════════════════════════════════╗
║ Jason Irwin ║ OpenPGP (GPG/PGP) Public Key: 0xD0C592B1 ║
║ ║ Import from hkp://subkeys.pgp.net ║
╚═════════════╩══════════════════════════════════════════╝
More information about the Nottingham
mailing list