Date: Sun, 06 Mar 2011 16:19:04 +0700 From: Pavel Labushev <p.labushev@...il.com> To: oss-security@...ts.openwall.com Subject: Re: CVE Request -- logrotate -- nine issues 06.03.2011 02:21, Solar Designer пишет: >> At least in Gentoo there are packages >> (ebuilds and eclasses) that create user/group-writable directories in >> /var/log and enable logrotate to handle the log files there. > > Is this something you can get fixed? I hope it will be fixed soon. Would be nice to have CVEs assigned for these issues anyway, just to make people aware. If even package maintainers got it wrong, I bet there's a legion of users who also did.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ