Hi, I got no answers to this on debian-security, maybe it was the wrong list. I'm not sure whether this really is a security issue. If it is not, please let me know why those directories need to be world-writable or why it is not a problem.
----- Forwarded message from Philipp Weis <[EMAIL PROTECTED]> -----

From: Philipp Weis <[EMAIL PROTECTED]>
Subject: /var/lib/apache/mod-bandwidth world-writable
Date: Sun, 1 Feb 2004 16:49:28 +0100
To: debian-security@lists.debian.org
Message-ID: <[EMAIL PROTECTED]>

Hi!

Tiger just warned me about some world-writable directories. /var/lib/apache/mod-bandwidth is one of them, and I do not see any reason why this one would need write-permissions for everyone. The postinst script of apache-common explicitly sets those permissions:

    # Fixing mod-bandwith owner/permissions
    chown -R www-data:www-data /var/lib/apache/mod-bandwidth
    chmod -R 777 /var/lib/apache/mod-bandwidth

Is there a valid reason for 777 instead of 664 or 660?

Regards

----- End forwarded message -----

-- 
Philipp Weis [EMAIL PROTECTED]
Freiburg, Germany http://pweis.com/
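
An added example, not part of the original message or of the apache-common package: a POSIX shell audit for the condition Tiger reported, run against a constructed temporary tree rather than the real /var/lib/apache. The function names and the sample directory names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report world-writable entries
# under a tree, the condition Tiger flagged for /var/lib/apache/mod-bandwidth.

# World-writable directories without the sticky bit: any local user can
# create, rename or delete entries in them, whoever owns those entries.
ww_unsafe_dirs() { find "$1" -type d -perm -0002 ! -perm -1000 -print; }

# World-writable regular files: any local user can change their contents.
ww_files() { find "$1" -type f -perm -0002 -print; }

# audit_world_writable ROOT
# Prints one "DIR <path>" or "FILE <path>" line per finding.
# Returns 0 if clean, 1 if anything was found, 2 if ROOT is not a directory.
# Paths containing newlines are not handled.
audit_world_writable() {
    [ -d "$1" ] || { echo "audit: not a directory: $1" >&2; return 2; }
    findings=$( { ww_unsafe_dirs "$1" | sed 's/^/DIR /'
                  ww_files "$1" | sed 's/^/FILE /'; } | sort )
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree (hypothetical names) mimicking a recursive chmod 777
# next to a sticky directory and a directory with tighter permissions.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/mod-bandwidth/link" "$d/spool" "$d/private"
    : > "$d/mod-bandwidth/link/state"
    : > "$d/private/data"
    chmod -R 777 "$d/mod-bandwidth"   # what the quoted postinst lines do
    chmod 1777 "$d/spool"             # sticky, like /tmp: not reported
    chmod 750 "$d/private"; chmod 640 "$d/private/data"
    echo "$d"
}

demo=$(make_demo_tree)
audit_world_writable "$demo" || echo "exit status: $?"
rm -rf "$demo"
```

The recursive `chmod -R 777` is reported three times in the sample tree: both directories and the regular file beneath them.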