tags 603048 + pending
thanks

Adam Majer wrote [Mon, Nov 15, 2010 at 01:53:48PM -0600]:
> > Asking the administrator to make the log files mode 0666 would make
> > them vulnerable to modification or erasure by any system user. Even
> > given that many of Rails' users are not Unix-savvy, this should
> > clearly be rephrased.
> 
> Good catch. That is some failed recommendation. Although this is not
> really a security bug - it's a documentation bug. Normally the
> recommendation should be that the logfile is chown to the user of the
> running rails application (eg. webserver) and still be 0644 or 0640 or
> even 0600.

I agree - but it is a terrible recommendation to make, surely
suggested by a non-unixy person!

> Do you happen to have access to git.debian.org? If you do, can you
> apply your patch? The procedure is basically,
> (...)

Done. Thanks!
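
One way to check for and correct the log permissions discussed in this thread, as an added example that is not part of the original messages or of the Rails or Debian packaging. The function names, the `*.log` pattern and the choice of 0640 among the modes mentioned above are assumptions.

```shell
#!/bin/sh
# Added example: audit and tighten Rails log file permissions.
# The log directory and application user are assumptions supplied by the caller.

# Print log files that any local user can modify (world-writable, e.g. 0666).
world_writable_logs() {
    log_dir=$1
    find "$log_dir" -type f -name '*.log' -perm -0002 -print
}

# Print log files not owned by the account the application runs as.
# app_user may be a user name or a numeric uid.
wrong_owner_logs() {
    log_dir=$1
    app_user=$2
    find "$log_dir" -type f -name '*.log' ! -user "$app_user" -print
}

# Set every log file to 0640: owner read/write, group read, nothing for others.
# Ownership is left alone here because chown normally needs root.
tighten_logs() {
    log_dir=$1
    find "$log_dir" -type f -name '*.log' -exec chmod 0640 {} +
}

# Return 0 only when no log file is world-writable or wrongly owned.
logs_ok() {
    log_dir=$1
    app_user=$2
    [ -z "$(world_writable_logs "$log_dir")" ] &&
        [ -z "$(wrong_owner_logs "$log_dir" "$app_user")" ]
}
```

Files reported by `wrong_owner_logs` still need a `chown` to the application user by an administrator; `tighten_logs` only changes the mode.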


