On Fri, Aug 08, 2014 at 03:00:19AM -0400, Joey Hess wrote:
> Package: unattended-upgrades
> Version: 0.79.5
> Severity: normal
> Tags: security

Thanks for your bug report and sorry for my slow reply.
 
> /var/log/unattended-upgrades/ is readable by all, so when this package is
> run on a multi-user system, non-admin users can trawl the upgrade logs
> for interesting information.
[..]

I totally agree with the concern and fixed the permissions of the dir
to root:adm 0750 (as you suggested) and the dpkg log to root:adm 0640
too. This will be part of my next upload.
 
> Any reason not to make the directory 750 root.adm?

No, fixed.

Do you think this should go out to stable as well? 

Cheers,
 Michael
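
The permissions agreed on in this reply (directory root:adm 0750, dpkg log root:adm 0640) can be checked on a host with a short script. This is an added example, not part of the original mail or of unattended-upgrades; the function names are hypothetical and it assumes GNU `stat` as shipped in Debian coreutils.

```shell
#!/bin/sh
# Added example: audit a log directory against the modes named in the reply.
# Function names are hypothetical; assumes GNU stat (Debian coreutils).

# exceeds_mode ACTUAL MAX: true if ACTUAL grants an rwx bit that MAX does not.
exceeds_mode() {
    [ $(( 0$1 & ~0$2 & 0777 )) -ne 0 ]
}

# check_path PATH MAXMODE [OWNER:GROUP]: print a finding, return 1 on failure.
check_path() {
    mode=$(stat -c '%a' "$1") || return 2
    owner=$(stat -c '%U:%G' "$1")
    rc=0
    if exceeds_mode "$mode" "$2"; then
        echo "FAIL mode $mode (max $2): $1"
        rc=1
    fi
    if [ -n "${3:-}" ] && [ "$owner" != "$3" ]; then
        echo "FAIL owner $owner (want $3): $1"
        rc=1
    fi
    return "$rc"
}

# audit_log_dir DIR [OWNER:GROUP]: directory at most 0750, files at most 0640.
# Applying 0640 to every file is an assumption; the reply names only the dpkg log.
audit_log_dir() {
    bad=0
    check_path "$1" 750 "${2:-}" || bad=$((bad + 1))
    for f in "$1"/* "$1"/.[!.]*; do
        [ -f "$f" ] || continue
        check_path "$f" 640 "${2:-}" || bad=$((bad + 1))
    done
    [ "$bad" -eq 0 ]
}

# Run as root so the 0750 directory can be listed, e.g.:
#   sh audit.sh /var/log/unattended-upgrades root:adm
[ $# -eq 0 ] || audit_log_dir "$@"
```

Modes stricter than the targets (for example 0700 and 0600) pass, since the check only flags permission bits beyond the stated maximum.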

