Package: dtc-common Severity: important Tags: upstream, security /usr/share/dtc/admin/install/functions: chmod 666 /var/log/dtc.log root@testdtc:~# ls -l /var/log/dtc.log -rw-rw-rw- 1 root root 27664 Aug 13 00:40 /var/log/dtc.log
Why would a log file like this need to be world writable? 0666 is rarely if ever going to be the correct permissions. The logrotate config that is installed makes the file 0640 and owned by root:adm when the file is rotated. why would the permissions differ from the install script? -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
