FS#39808 : [lighttpd] /var/{cache,log}/lighttpd should not be world-readable

FS#39808 - [lighttpd] /var/{cache,log}/lighttpd should not be world-readable

Attached to Project: Arch Linux
Opened by Daniel Micay (thestinger) - Thursday, 10 April 2014, 19:41 GMT
Last edited by Pierre Schmitz (Pierre) - Friday, 15 May 2015, 11:50 GMT

Task Type	Bug Report
Category	Packages: Extra
Status	Closed
Assigned To	Pierre Schmitz (Pierre)
Architecture	All
Severity	Medium
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	1 Daniel Micay (thestinger) (2014-04-10)
Private	No

Details

These logs (especially error.log) should not be exposed to other services/users on the system without the administrator explicitly opting into it. This line in the PKGBUILD should be changed to 750:

install -d -m755 -o http -g http $pkgdir/var/{log,cache}/lighttpd/

This task depends upon

Closed by Pierre Schmitz (Pierre)
Friday, 15 May 2015, 11:50 GMT
Reason for closing: Fixed

Comment by Matthias Dienstbier (fs4000) - Thursday, 10 April 2014, 23:14 GMT

I vote for using syslog/journal by default. (server.errorlog-use-syslog = "enable")

Comment by Daniel Micay (thestinger) - Thursday, 10 April 2014, 23:41 GMT

The cache permissions still need to be changed whether or not it uses journald. I agree that it would be nice to replace these logs with the journal but I think it belongs in another feature request.

Comment by Doug Newgard (Scimmia) - Wednesday, 13 May 2015, 22:31 GMT

ping Pierre...

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#39808 - [lighttpd] /var/{cache,log}/lighttpd should not be world-readable

Details

Loading...