[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#286740: apache: log directory should have same permissions as logfiles (possible information disclosure)

Ce jour Wed, 22 Dec 2004, Fabio Massimo Di Nitto a dit:

> Hash: SHA1
> rm@fabula.de wrote:
> | On Wed, Dec 22, 2004 at 11:44:54AM +0100, Fabio Massimo Di Nitto wrote:
> |

it's funny, 'cause both of you have made good points. thing is, i've
already chmodded my apache* log dirs 750 =;). 

this situation is different here though. only people allowed shell
access are trusted people, therefore it doesn't matter much. 

the thing about security is to layer it. the more layers you have, the

say an attacker breaks through one layer, there is yet another few or
several layers they have get through to actually do any real harm. chmod
750 a log dir may or may not be a part of that. seems it's a touchy
subject... but privacy concerns - for both individuals and organisations
-  are important too. 

how about: either having a short debconf question about chmod 750
/var/log/apache*, and asking yes or no; or, a mention in README.Debian
about it. an admin that wants to do that anyway will do it, and for
others it might give them something to think about. 

(yes this is a proposal *grin*).

 ,''`.   http://www.debian.org/  GPG Print: 7C49 FD9C 1054 7300 3B7B
 : :' :  Debian GNU/Linux                   8BF4 6A88 7AE2 711D F097

Attachment: signature.asc
Description: Digital signature

Reply to: