[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#286740: apache: log directory should have same permissions as logfiles (possible information disclosure)

On Thu, Dec 23, 2004 at 01:20:02PM +0000, Jan Minar wrote:

> On Wed, Dec 22, 2004 at 07:05:13PM -0800, Matt Zimmerman wrote:
> > The user can just as easily find out that an error was caused by noticing
> > the 5xx error returned by the server in response to the request.
> Only if it was an error returned to them.  Also, the log files can have
> far more detail than just the error code.

The detail is irrelevant, since the user can't read the file.  In both
cases, they can find out that an error occurred.

 - mdz

Reply to: