Bug#701112: Directory /var/log/nginx is world readable

2017-03-20 Thread Sweetypie Mmm
On Thu, 21 Feb 2013 20:19:24 +0200 Henri Salo wrote: > Package: nginx > Version: 0.7.67-3+squeeze3 > Severity: normal > Tags: security > > After installing nginx in squeeze directory /var/log/nginx is world readable as > reported in http://www.openwall.com/lists/oss-security/2013/02/21/15 > > I su

Bug#701112: Directory /var/log/nginx is world readable

2013-02-21 Thread Salvatore Bonaccorso
Control: retitle -1 nginx: CVE-2013-0337: Directory /var/log/nginx is world readable Hi CVE was assigned now to this issue: CVE-2013-0337 . Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@li

Bug#701112: Directory /var/log/nginx is world readable

2013-02-21 Thread Steven Chamberlain
On 21/02/13 18:29, Henri Salo wrote: > As you said. For new files: -rw-r--r--, which in my opinion should be fixed. > Do > you agree? I agree this is not a good default. Some admins may want to allow (read-only) access to logs by log-analyser scripts like awstats/logwatch, running as an unprivil

Bug#701112: Directory /var/log/nginx is world readable

2013-02-21 Thread Henri Salo
On Thu, Feb 21, 2013 at 06:40:58PM +, Steven Chamberlain wrote: > But the decision rests with nginx maintainers now. Ok. Please notify me in case any help is needed. -- Henri Salo -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble

Bug#701112: Directory /var/log/nginx is world readable

2013-02-21 Thread Henri Salo
On Thu, Feb 21, 2013 at 06:25:07PM +, Steven Chamberlain wrote: > Hi, > > On 21/02/13 18:19, Henri Salo wrote: > > After installing nginx in squeeze directory /var/log/nginx is world > > readable as > > reported in http://www.openwall.com/lists/oss-security/2013/02/21/15 > > What about the p

Bug#701112: Directory /var/log/nginx is world readable

2013-02-21 Thread Steven Chamberlain
Hi, On 21/02/13 18:19, Henri Salo wrote: > After installing nginx in squeeze directory /var/log/nginx is world readable > as > reported in http://www.openwall.com/lists/oss-security/2013/02/21/15 What about the permissions of the files themselves? Logs that have been rotated are recreated by lo

Bug#701112: Directory /var/log/nginx is world readable

2013-02-21 Thread Henri Salo
Package: nginx Version: 0.7.67-3+squeeze3 Severity: normal Tags: security After installing nginx in squeeze directory /var/log/nginx is world readable as reported in http://www.openwall.com/lists/oss-security/2013/02/21/15 I suggest something like this for a fix: """puppet-common postinst in uns