[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#257108: apache: /var/lib/apache/mod-bandwidth/ is world writable

On Thu, Jul 01, 2004 at 11:37:10AM +0200, Fabio Massimo Di Nitto wrote:
> This has been discussed before several time. Here is one:
> 
> http://lists.debian.org/debian-apache/2004/02/msg00045.html

Well, the fact this bug is reported again, is an indication of
inadequate documentation... Maybe this should be documented in the
README? 

Also, I do think it's a valid point that that directory should probably
be sticky. Why not leave this bug open until this is investigated? It
can probably be set to normal since indeed this doesn't seem like a
security bug, but still. It allows anybody to evade quota's and
resource-starve a server by filling up /var/lib.

--Jeroen

-- 
Jeroen van Wolffelaar
Jeroen@wolffelaar.nl (also for Jabber & MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl
Reply to: