Hi, On Samstag, 11. Dezember 2010, Florian Zumbiehl wrote: > I was up to, plus anyone on d-qa who read my mail there also could have > pointed me in the right direction, so I won't take the blame for that. I've read your mail to debian-qa some weeks ago and I've read the bug report. Which stated, that the bug in logrotate was fixed in squeeze and that there was no issue in the default setup in lenny neither: "In the default setup, this, of course, shouldn't be a problem, since logrotate is run with an effective group of root, and any member of that group will usually have access to the log files anyway. When logrotate is used by normal users, though, this could be a security problem." (from the initial mail to 388608, 3rd text paragraph) And so I thought, so what? cheers, Holger
Attachment:
signature.asc
Description: This is a digitally signed message part.