[Pkg-nginx-maintainers] Bug#701112: Directory /var/log/nginx is world readable

Sweetypie Mmm sweetypiemmn at gmail.com
Tue Mar 21 04:11:23 UTC 2017


On Thu, 21 Feb 2013 20:19:24 +0200 Henri Salo <henri at nerv.fi> wrote:
> Package: nginx
> Version: 0.7.67-3+squeeze3
> Severity: normal
> Tags: security
>
> After installing nginx in squeeze directory /var/log/nginx is world
> readable as reported in http://www.openwall.com/lists/oss-security/2013/02/21/15
>
> I suggest something like this for a fix:
>
> """puppet-common postinst in unstable sets dpkg-statoverride --update --add puppet
> puppet 0750 /var/log/puppet"""
>
> Logging is enabled after service is started.
>
> -- System Information:
> Debian Release: 6.0.6
>   APT prefers stable-updates
>   APT policy: (500, 'stable-updates'), (500, 'stable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages nginx depends on:
> ii  libc6                 2.11.3-4           Embedded GNU C Library: Shared lib
> ii  libgeoip1             1.4.7~beta6+dfsg-1 A non-DNS IP-to-country resolver l
> ii  libpcre3              8.02-1.1           Perl 5 Compatible Regular Expressi
> ii  libssl0.9.8           0.9.8o-4squeeze14  SSL shared libraries
> ii  lsb-base              3.2-23.2squeeze1   Linux Standard Base 3.2 init scrip
> ii  zlib1g                1:1.2.3.4.dfsg-3   compression library - runtime
> nginx recommends no packages.
> nginx suggests no packages.
> -- no *debconf* information
>
>
>-STOP BUGGING MY MOBILE
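An audit for the condition the quoted report describes, as an added example that is not part of the thread or the nginx package: it checks whether "other" can enter a log directory, lists what would be reachable, and prints the `dpkg-statoverride` form quoted in the report adapted to that directory. The function names, the temporary directory standing in for /var/log/nginx and the `root adm` owner and group are assumptions.

```shell
#!/bin/sh
# Added example (not from the bug report): audit a log directory for
# permission bits granted to "other". Paths and owner/group are assumptions.

# list_other_access DIR: print every non-symlink entry at or below DIR that
# grants read, write or execute to "other" (POSIX find, octal -perm tests).
list_other_access() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# dir_is_exposed DIR: succeed when "other" can list or traverse DIR itself.
# With neither bit set, files below DIR are unreachable for "other" whatever
# their own modes are, which is why the report targets the directory.
dir_is_exposed() {
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -001 \) -print)" ]
}

# audit_log_dir DIR OWNER GROUP: print findings and the override from the
# report adapted to DIR; return 1 when DIR is exposed, 0 otherwise.
audit_log_dir() {
    dir=$1 owner=$2 group=$3
    if dir_is_exposed "$dir"; then
        echo "EXPOSED: $dir"
        list_other_access "$dir" | sed 's/^/  reachable: /'
        echo "suggested: dpkg-statoverride --update --add $owner $group 0750 $dir"
        return 1
    fi
    echo "OK: $dir is closed to other users"
    return 0
}

# Constructed demo: a temporary directory stands in for /var/log/nginx and
# "root adm" is a placeholder owner/group, not taken from the report.
demo() {
    tmp=$(mktemp -d) || return 2
    : > "$tmp/access.log"; chmod 0644 "$tmp/access.log"
    chmod 0755 "$tmp"
    if audit_log_dir "$tmp" root adm; then before=0; else before=$?; fi
    chmod 0750 "$tmp"
    if audit_log_dir "$tmp" root adm; then after=0; else after=$?; fi
    rm -rf "$tmp"
    [ "$before" -eq 1 ] && [ "$after" -eq 0 ]
}

demo
```

The second pass of the demo reports the directory as closed even though the log file inside is still mode 0644, because access to it is gated by the directory's own mode.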

