oss-sec mailing list archives

CVE request: nginx world-readable logdir

From: Henri Salo <henri () nerv fi>
Date: Thu, 21 Feb 2013 20:17:07 +0200

On Thu, Feb 21, 2013 at 06:50:14PM +0100, Agostino Sarubbo wrote:

Hello,

I just noticed my nginx logdir and its content are world-readable:

drwxr-xr-x  2 root root  4096 Jan 10 00:11 .
drwxr-xr-x 16 root root  4096 Feb 21 17:46 ..
-rw-r--r--  1 root root 69415 Feb 21 17:46 error_log
-rw-r--r--  1 root root 93017 Feb 18 22:03 localhost.access_log
-rw-r--r--  1 root root 86227 Feb 18 22:03 localhost.error_log

What do you think about?

-- 
Agostino Sarubbo / ago -at- gentoo.org
Gentoo Linux Developer


Also affects Debian squeeze package. I will report a bug. Can we get a CVE
assigned for this issue, thank you.

--
Henri Salo

Current thread:

nginx world-readable logdir Agostino Sarubbo (Feb 21)
- Re: nginx world-readable logdir Henri Salo (Feb 21)
- CVE request: nginx world-readable logdir Henri Salo (Feb 21)
  - Re: CVE request: nginx world-readable logdir Kurt Seifried (Feb 21)
    - Re: CVE request: nginx world-readable logdir Anders Petersson (Feb 21)
    - Re: CVE request: nginx world-readable logdir Anders Petersson (Feb 21)
    - Re: CVE request: nginx world-readable logdir Kurt Seifried (Feb 21)
- Re: nginx world-readable logdir gremlin (Feb 21)
  - Re: nginx world-readable logdir Kurt Seifried (Feb 21)
    - Re: nginx world-readable logdir gremlin (Feb 22)
    - Re: nginx world-readable logdir Kurt Seifried (Feb 22)
    - Re: nginx world-readable logdir Henri Salo (Feb 22)
    - Re: nginx world-readable logdir gremlin (Feb 22)

(Thread continues...)