Open jmtd opened 8 months ago
We have a pattern of doing stuff like
chown -R $USER:root $SCRIPT_DIR chmod -R ug+rwX $SCRIPT_DIR chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/(something)
Consequently, many of the container executable scripts are owned by and writable by the running user, but that is not actually necessary for operation: furthermore, it isn't desirable because it increases an attack surface area.
All of /opt/jboss/container is owned by the running user and probably shouldn't be
/opt/jboss/container
https://issues.redhat.com/browse/OPENJDK-2814
We have a pattern of doing stuff like
Consequently, many of the container executable scripts are owned by and writable by the running user, but that is not actually necessary for operation: furthermore, it isn't desirable because it increases an attack surface area.