Bug#286740: apache: log directory should have same permissions as logfiles (possible information disclosure)
On Thu, Dec 23, 2004 at 01:20:02PM +0000, Jan Minar wrote:
> On Wed, Dec 22, 2004 at 07:05:13PM -0800, Matt Zimmerman wrote:
> > The user can just as easily find out that an error was caused by noticing
> > the 5xx error returned by the server in response to the request.
>
> Only if it was an error returned to them. Also, the log files can have
> far more detail than just the error code.
The detail is irrelevant, since the user can't read the file. In both
cases, they can find out that an error occurred.
--
- mdz
Reply to: