
Bug#286740: apache: log directory should have same permissions as logfiles (possible information disclosure)



On Thu, Dec 23, 2004 at 09:44:00AM -0800, Matt Zimmerman wrote:
> On Thu, Dec 23, 2004 at 01:20:02PM +0000, Jan Minar wrote:
> 
> > On Wed, Dec 22, 2004 at 07:05:13PM -0800, Matt Zimmerman wrote:
> > > The user can just as easily find out that an error was caused by noticing
> > > the 5xx error returned by the server in response to the request.
> > 
> > Only if it was an error returned to them.  Also, the log files can have
> > far more detail than just the error code.
> 
> The detail is irrelevant, since the user can't read the file.  In both
> cases, they can find out that an error occurred.

Please read the original bug report.

-- 
 )^o-o^|    jabber: rdancer@NJS.NetLab.Cz
 | .v  K    e-mail: jjminar FastMail FM
 `  - .'     phone: +44(0)7981 738 696
  \ __/Jan     icq: 345 355 493
 __|o|__Minář  irc: rdancer@IRC.FreeNode.Net
