[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#191237: No, this could be a security problem.

retitle 191237 Default apache logfiles: world readable yes/no?
tags 191237 =

On Sat, Nov 29, 2003 at 06:30:46PM +0000, Thom May wrote:
> tags 191237 wontfix
> thanks
> The reason that this is not done is that the logs could contain sensitive data
> such as credit card details. This is also the reason the logs are not world
> readable.
> As such, I think I won't fix this "bug".

Currently, new logfiles are created by apache with 0640 root.root,
making them root-only readable. Logrotate will create the next one 0644
root.adm, making them world-readable.

This is inconsistent, but more importantly, this completely orthogonal
to what you, Thom, say here, as logfiles now ARE being made

I don't think they should, 0640 root.adm in all cases is a good default.


Jeroen van Wolffelaar

Reply to: