*** This bug is a security vulnerability ***
Public security bug reported:
The logrotate script of lighttpd does a lighttpd reload, which is what
it should do, but if I stop the lighttpd daemon manually I certainly do
NOT want it to be started again by the log rotation. reload should NOT
start a daemon if it is not running IMO.
restart -> stop and start
reload -> reload config (for some this is also stop/start, but it should only
be executed if the daemon was running before.)
This is a security issue, because if someone does not know that and
intentionally stops the server for some reason and wants to leave it
that way eg. for testing or so, the server gets started and may run with
faulty software. (happened to me)
** Affects: lighttpd (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
** Summary changed:
- lighttpd reload executes restart logrotate
+ lighttpd reload executes restart (bad on logrotate!)
--
lighttpd reload executes restart (bad on logrotate!)
https://bugs.launchpad.net/bugs/393792
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
