Processing commands for [EMAIL PROTECTED]:
tag 286740 - security
Bug#286740: apache: log directory should have same permissions as logfiles
(possible information disclosure)
Tags were: security
Tags removed: security
thanks
Stopping processing here.
Please contact me if you need assistance.
Your message dated Wed, 22 Dec 2004 09:57:13 +0100
with message-id [EMAIL PROTECTED]
and subject line Bug#286740: apache: log directory should have same permissions
as logfiles (possible information disclosure)
has caused the attached Bug report to be marked as done.
This means that you claim
Hi,
I had the same problem here, due to a ever growing number of vhosts. I
had a look at lsof and I saw that logging directives inside each vhost
caused the number of open files to explode. I've removed some of them
and I should be ok again for a year (1200 - 800 open files), or till an
upgrade
On Wed, Dec 22, 2004 at 09:57:13AM +0100, Fabio Massimo Di Nitto wrote:
tag 286740 - security
thanks
Jan Minar wrote:
| Package: apache
| Version: 1.3.33-2
| Severity: minor
| Tags: security
|
| Hi.
|
| /var/log/apache is world-readable, so users can e.g. check whether
| certain
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jan Minar wrote:
| On Wed, Dec 22, 2004 at 09:57:13AM +0100, Fabio Massimo Di Nitto wrote:
|
|tag 286740 - security
|thanks
|
|Jan Minar wrote:
|| Package: apache
|| Version: 1.3.33-2
|| Severity: minor
|| Tags: security
||
|| Hi.
||
|| /var/log/apache
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
| On Wed, Dec 22, 2004 at 11:44:54AM +0100, Fabio Massimo Di Nitto wrote:
|
| |There is no point in such operation. If a user have a local account
| |it also has at least a few other thousands options to make a DoS on
| apache.
Ce jour Wed, 22 Dec 2004, Fabio Massimo Di Nitto a dit:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
| On Wed, Dec 22, 2004 at 11:44:54AM +0100, Fabio Massimo Di Nitto wrote:
|
it's funny, 'cause both of you have made good points. thing is, i've
already chmodded
On Wed, Dec 22, 2004 at 11:44:54AM +0100, Fabio Massimo Di Nitto wrote:
Jan Minar wrote:
| On Wed, Dec 22, 2004 at 09:57:13AM +0100, Fabio Massimo Di Nitto wrote:
|
|tag 286740 - security
|thanks
|
|Jan Minar wrote:
|| Package: apache
|| Version: 1.3.33-2
|| Severity: minor
|| Tags:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
| Ce jour Wed, 22 Dec 2004, Fabio Massimo Di Nitto a dit:
|
|
|-BEGIN PGP SIGNED MESSAGE-
|Hash: SHA1
|
|[EMAIL PROTECTED] wrote:
|| On Wed, Dec 22, 2004 at 11:44:54AM +0100, Fabio Massimo Di Nitto wrote:
||
|
|
| it's
Ce jour Wed, 22 Dec 2004, Fabio Massimo Di Nitto a dit:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
| Ce jour Wed, 22 Dec 2004, Fabio Massimo Di Nitto a dit:
|
| it's funny, 'cause both of you have made good points. thing is, i've
| already chmodded my apache*
Package: apache2-mpm-prefork
Version: 2.0.52-3
Hi.
If you're doing a 'apt-get update' 'apt-get upgrade' you 'll be able to get
the following error while installing/upgrading:
The upgrade-process will hang until you're terminating it manually - at
package apache2-mpm-prefork. Even while
On Tue, Dec 21, 2004 at 09:41:35PM +, Jan Minar wrote:
Package: apache
Version: 1.3.33-2
Severity: minor
Tags: security
Hi.
/var/log/apache is world-readable, so users can e.g. check whether
certain operation triggered an error. And given that the error strings
are pretty
Package: apache2
Version: 2.0.52-3
Severity: minor
I want to use apache with external crypto devices.(SSL accelerator card)
To enable openssl engine stuff,
please add --enable-rule=SSL_EXPERIMENTAL to AP2_COMMON_CONFARGS
Tetsuhiro Nakane
13 matches
Mail list logo