Home page logo

oss-sec logo oss-sec mailing list archives

Re: nginx world-readable logdir
From: gremlin () gremlin ru
Date: Fri, 22 Feb 2013 12:15:30 +0400

On 22-Feb-2013 00:29:48 -0700, Kurt Seifried wrote:

I just noticed my nginx logdir and its content are
world-readable: What do you think about?
About misconfiguration? Nothing:
% grep create /etc/logrotate.d/nginx
create 640 root wheel
What are the initial permissions prior to log rotation?

Of course, exactly the same - 640, root:wheel :-)

I've built my own package (for Openwall GNU/*/Linux, not yet
in mainstream), and there I use explicit log file creation in
the %post section (touch && chown && chmod) without relying
on a umask (although in Owl it's restrictive by default: 077).

So I think that ${subject} is just a misconfiguration.

Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru>
GPG key ID: 0xEF3B1FA8, keyserver: hkp://subkeys.pgp.net
GPG key fingerprint: 8832 FE9F A791 F796 8AC9 6E4E 909D AC45 EF3B 1FA8

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]