Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 21 Feb 2013 18:50:14 +0100
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Subject: nginx world-readable logdir

Hello,

I just noticed my nginx logdir and its content are world-readable:

drwxr-xr-x  2 root root  4096 Jan 10 00:11 .
drwxr-xr-x 16 root root  4096 Feb 21 17:46 ..
-rw-r--r--  1 root root 69415 Feb 21 17:46 error_log
-rw-r--r--  1 root root 93017 Feb 18 22:03 localhost.access_log
-rw-r--r--  1 root root 86227 Feb 18 22:03 localhost.error_log

What do you think about?

-- 
Agostino Sarubbo / ago -at- gentoo.org
Gentoo Linux Developer

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ