Re: [ovirt-users] Problem with reporting
Am 23.06.2014 08:58, schrieb Alon Bar-Lev:
----- Original Message -----
> From: "Sven Kieske" <S.Kieske(a)mittwald.de>
> To: users(a)ovirt.org
> Sent: Monday, June 23, 2014 9:48:36 AM
> Subject: Re: [ovirt-users] Problem with reporting
>
> This is somewhat..insecure.
>
> In which ovirt version was this changed to /var/lib, shouldn't this
> qualify for an
> cve entry? I didn't see any security notification coming up for this.
why insecure?
/var/lib/ovirt-engine is secure at the same level of /var/tmp/ovirt-engine
Please correct me if I'm wrong but on my CentOS 6.5 /var/tmp/ is world
writeable whereas /var/lib/ is not.
So any malicious content on this machine could modify the ovirt jboss
instance, or not?
it was moved to avoid automatic tools that assumes that assume that a
file can deleted if had not been modified for x days.
>
> Am 23.06.2014 08:27, schrieb Alon Bar-Lev:
>> his is the deployment location.... jboss is managing its "deployments"
in a
>> place in which it can write files, so we set it to /var/tmp
>
> --
> Mit freundlichen Grüßen / Regards
>
> Sven Kieske
>
> Systemadministrator
> Mittwald CM Service GmbH & Co. KG
> Königsberger Straße 6
> 32339 Espelkamp
> T: +49-5772-293-100
> F: +49-5772-293-333
> https://www.mittwald.de
> Geschäftsführer: Robert Meyer
> St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
> Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
--
Mit freundlichen Grüßen / Regards
Sven Kieske
Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen