Hi, On Samstag, 11. Dezember 2010, Florian Zumbiehl wrote: > I was up to, plus anyone on d-qa who read my mail there also could have > pointed me in the right direction, so I won't take the blame for that.
I've read your mail to debian-qa some weeks ago and I've read the bug report.
Which stated, that the bug in logrotate was fixed in squeeze and that there
was no issue in the default setup in lenny neither:
"In the default setup, this, of course, shouldn't be a problem, since
logrotate is run with an effective group of root, and any member of that
group will usually have access to the log files anyway. When logrotate
is used by normal users, though, this could be a security problem." (from the
initial mail to 388608, 3rd text paragraph)
And so I thought, so what?
cheers,
Holger
signature.asc
Description: This is a digitally signed message part.
