/var/lib/apache/mod-bandwidth world-writable [forwarded]

To: debian-apache@lists.debian.org
Subject: /var/lib/apache/mod-bandwidth world-writable [forwarded]
From: Philipp Weis <pweis@pweis.com>
Date: Wed, 4 Feb 2004 00:08:27 +0100
Message-id: <[🔎] 20040203230827.GA9434@zaphod.pweis.com>

Hi,

I got no answers to this on debian-security, maybe it was the wrong list.
I'm not sure whether this really is a security issue. If it is not, please
let me know why those directories need to be world-writable or why it is
not a problem.


----- Forwarded message from Philipp Weis <pweis@pweis.com> -----

From: Philipp Weis <pweis@pweis.com>
Subject: /var/lib/apache/mod-bandwidth world-writable
Date: Sun, 1 Feb 2004 16:49:28 +0100
To: debian-security@lists.debian.org
Message-ID: <20040201154927.GA25327@zaphod.pweis.com>

Hi!

Tiger just warned me about some world-writable directories.
/var/lib/apache/mod-bandwidth is one of them, and I do not see any reason
why this one would need write-permissions for everyone.

The postinst script of apache-common explicitly sets those permissions:

  # Fixing mod-bandwith owner/permissions
                                                                                
  chown -R www-data:www-data /var/lib/apache/mod-bandwidth
  chmod -R 777 /var/lib/apache/mod-bandwidth

Is there a valid reason for 777 instead of 664 or 660?

Regards

----- End forwarded message -----

-- 
Philipp Weis          pweis@pweis.com
Freiburg, Germany     http://pweis.com/

Reply to:

Follow-Ups:
- Re: /var/lib/apache/mod-bandwidth world-writable [forwarded]
  - From: Fabio Massimo Di Nitto <fabbione@fabbione.net>

Prev by Date: Fwd: FW: Fwd: FW: Fwd: FW: Read only if you have time for God
Next by Date: Re: /var/lib/apache/mod-bandwidth world-writable [forwarded]
Previous by thread: Fwd: FW: Fwd: FW: Fwd: FW: Read only if you have time for God
Next by thread: Re: /var/lib/apache/mod-bandwidth world-writable [forwarded]
Index(es):
- Date
- Thread