Hi,

I got no answers to this on debian-security, maybe it was the wrong list.
I'm not sure whether this really is a security issue. If it is not, please
let me know why those directories need to be world-writable or why it is
not a problem.


----- Forwarded message from Philipp Weis <[EMAIL PROTECTED]> -----

From: Philipp Weis <[EMAIL PROTECTED]>
Subject: /var/lib/apache/mod-bandwidth world-writable
Date: Sun, 1 Feb 2004 16:49:28 +0100
To: debian-security@lists.debian.org
Message-ID: <[EMAIL PROTECTED]>

Hi!

Tiger just warned me about some world-writable directories.
/var/lib/apache/mod-bandwidth is one of them, and I do not see any reason
why this one would need write-permissions for everyone.

The postinst script of apache-common explicitly sets those permissions:

  # Fixing mod-bandwith owner/permissions
                                                                                
  chown -R www-data:www-data /var/lib/apache/mod-bandwidth
  chmod -R 777 /var/lib/apache/mod-bandwidth

Is there a valid reason for 777 instead of 664 or 660?

Regards

----- End forwarded message -----

-- 
Philipp Weis          [EMAIL PROTECTED]
Freiburg, Germany     http://pweis.com/


Reply via email to