[jboss-jira] [JBoss JIRA] (AS7-6848) distribution directory permission for standalone/tmp/auth wrong
Bernd Eckenfels (JIRA)
jira-events at lists.jboss.org
Sat Apr 6 19:10:44 EDT 2013
[ https://issues.jboss.org/browse/AS7-6848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12765399#comment-12765399 ]
Bernd Eckenfels commented on AS7-6848:
--------------------------------------
7.1.1 is also affected. (I add this, since it might be relevant for the security advisory).
> distribution directory permission for standalone/tmp/auth wrong
> ---------------------------------------------------------------
>
> Key: AS7-6848
> URL: https://issues.jboss.org/browse/AS7-6848
> Project: Application Server 7
> Issue Type: Bug
> Components: Build System
> Affects Versions: 7.1.1.Final, EAP 6.1.0.Alpha (7.2.0.Final), 8.0.0.Alpha1
> Reporter: Bernd Eckenfels
> Assignee: Paul Gier
> Labels: installer, zip
>
> The dist/assembly.xml file adds the tmp/auth directories for standalone and domain mode with limited permissions (because this directly contains the local authentication token files).
> Due to what looks like a copy and paste error however the permissions are wrong for the standalone mode. I am not sure if it can be exploited, but it is wrong. I will send a Github pull request.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list