oss-sec mailing list archives
Re: nginx world-readable logdir
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 22 Feb 2013 00:29:48 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/22/2013 12:17 AM, gremlin () gremlin ru wrote:
On 21-Feb-2013 18:50:14 +0100, Agostino Sarubbo wrote:I just noticed my nginx logdir and its content are world-readable: What do you think about?About misconfiguration? Nothing: % grep create /etc/logrotate.d/nginx create 640 root wheel %
What are the initial permissions prior to log rotation? - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRJx5sAAoJEBYNRVNeJnmTbLgP/1zESmHGF4DrjXDjwy67Vva9 jM8ndLDRyIJEwY5PKU7bloQMY/3F2zUPiRsz6LePL3rl0EgldoMdC57L99jL7hYk UYRafEPf+oiZWtUGaSsndA9ITd+HsFvQvEaUvHdbBM5hVorldJhCvWKh3aIsQvBT OhLjXWwfvZp/GWBkNAAlzfMIlKys1jybeVWcYBoDXgkl8W+c3EZ+7Q837KfcYPQ9 t8j+qt8AA/VALbw0flMmfvhyTqem7skDq0bWNK9oGY1aJrryYAmQTWDA6lBtH9YJ dAn17qhU/AWq1/aPDrNXtAvv5nq95z5I0gNtR25qhcFbLsQle5Ay2UGIQuRLZNW7 WjGgBi988nlgACA6Ii32OXZN5XV1ymi+/9PYZLvGzQh4PanWEOmeXfhIa3+xIdMM Bh2Pw7kt3MmT/wziDjna/zZVM3mHo69sfzr3XzvFrj6bO+JQgTJbRrDL+dtz3Jc1 FKQfwpUySVyHM/wUN14/voP9/WYC5hpeukMo1A/EsE1SwvFjSr2/WUtrrVuL55vC kfg34XAXFdD829+QJO+FzZuVaGnIkAlOu0Bg8q64WdQCy3iOH4uRmc7+wcuUgJ6P t/jVvaKsy2Boe3YydlDLgekh6JlZUdV/I1pO5xjKRRtSwtdPGbh6mmO+rtzPO68Q 9RwN8kTezag+ftlefZvQ =bfd4 -----END PGP SIGNATURE-----
Current thread:
- nginx world-readable logdir Agostino Sarubbo (Feb 21)
- Re: nginx world-readable logdir Henri Salo (Feb 21)
- CVE request: nginx world-readable logdir Henri Salo (Feb 21)
- Re: CVE request: nginx world-readable logdir Kurt Seifried (Feb 21)
- Re: CVE request: nginx world-readable logdir Anders Petersson (Feb 21)
- Re: CVE request: nginx world-readable logdir Anders Petersson (Feb 21)
- Re: CVE request: nginx world-readable logdir Kurt Seifried (Feb 21)
- Re: CVE request: nginx world-readable logdir Kurt Seifried (Feb 21)
- Re: nginx world-readable logdir Kurt Seifried (Feb 21)
- Re: nginx world-readable logdir gremlin (Feb 22)
- Re: nginx world-readable logdir Kurt Seifried (Feb 22)
- Re: nginx world-readable logdir Henri Salo (Feb 22)
- Re: nginx world-readable logdir gremlin (Feb 22)
- nginx CVE-2013-0337 world-readable logs gremlin (Feb 23)
- Re: nginx CVE-2013-0337 world-readable logs Kurt Seifried (Feb 24)