Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#39808 - [lighttpd] /var/{cache,log}/lighttpd should not be world-readable
Attached to Project:
Arch Linux
Opened by Daniel Micay (thestinger) - Thursday, 10 April 2014, 19:41 GMT
Last edited by Pierre Schmitz (Pierre) - Friday, 15 May 2015, 11:50 GMT
Opened by Daniel Micay (thestinger) - Thursday, 10 April 2014, 19:41 GMT
Last edited by Pierre Schmitz (Pierre) - Friday, 15 May 2015, 11:50 GMT
|
DetailsThese logs (especially error.log) should not be exposed to other services/users on the system without the administrator explicitly opting into it. This line in the PKGBUILD should be changed to 750:
install -d -m755 -o http -g http $pkgdir/var/{log,cache}/lighttpd/ |
This task depends upon
Comment by Matthias Dienstbier (fs4000) -
Thursday, 10 April 2014, 23:14 GMT
I vote for using syslog/journal by default. (server.errorlog-use-syslog = "enable")
Comment by Daniel Micay (thestinger) -
Thursday, 10 April 2014, 23:41 GMT
The cache permissions still need to be changed whether or not it uses journald. I agree that it would be nice to replace these logs with the journal but I think it belongs in another feature request.
Comment by Doug Newgard (Scimmia) -
Wednesday, 13 May 2015, 22:31 GMT
ping Pierre...