Launchpad has imported 9 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=490561.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2009-03-17T00:04:27+00:00 Vincent wrote: It was reported to Ubuntu that ntop creates the access log world-writable when the --access-log-file option is used. This option is not used in Fedora or Red Hat by default and is not noted in the configuration file. It is, however, noted in the ntop manpage. It would require the root user to add this option to the configuration in order for this file to be created. This is a low severity issue. A possible fix would be the following patch: --- http.c.org 2009-03-16 16:28:10.000000000 -0700 +++ http.c 2009-03-16 16:27:55.000000000 -0700 @@ -1298,6 +1298,7 @@ void printHTMLtrailer(void) { void initAccessLog(void) { if(myGlobals.runningPref.accessLogFile) { + umask(0137); myGlobals.accessLogFd = fopen(myGlobals.runningPref.accessLogFile, "a"); if(myGlobals.accessLogFd == NULL) { traceEvent(CONST_TRACE_ERROR, "Unable to create file %s. Access log is disabled.", Reply at: https://bugs.launchpad.net/ubuntu/+source/ntop/+bug/325393/comments/3 ------------------------------------------------------------------------ On 2009-03-17T00:07:11+00:00 Vincent wrote: Forgot to note the Ubuntu bug report: https://bugs.launchpad.net/ubuntu/+source/ntop/+bug/325393 Reply at: https://bugs.launchpad.net/ubuntu/+source/ntop/+bug/325393/comments/4 ------------------------------------------------------------------------ On 2009-03-17T09:11:55+00:00 Fedora wrote: ntop-3.3.8-3.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/ntop-3.3.8-3.fc10 Reply at: https://bugs.launchpad.net/ubuntu/+source/ntop/+bug/325393/comments/5 ------------------------------------------------------------------------ On 2009-03-17T09:16:31+00:00 Rakesh wrote: Fixed in rawhide and submitted an update to bodhi. Will take some time to reach updates. Reply at: https://bugs.launchpad.net/ubuntu/+source/ntop/+bug/325393/comments/6 ------------------------------------------------------------------------ On 2009-03-17T09:52:56+00:00 Tomas wrote: Please do not close 'Security Response' bugs that may affect other products as well. Thank you! Reply at: https://bugs.launchpad.net/ubuntu/+source/ntop/+bug/325393/comments/7 ------------------------------------------------------------------------ On 2009-04-13T14:32:18+00:00 Rakesh wrote: This has been pushed into stable. Why not close it now ?? Which other products it effects ?? I am confused. Reply at: https://bugs.launchpad.net/ubuntu/+source/ntop/+bug/325393/comments/12 ------------------------------------------------------------------------ On 2009-04-13T19:46:06+00:00 Fedora wrote: ntop-3.3.8-3.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ubuntu/+source/ntop/+bug/325393/comments/13 ------------------------------------------------------------------------ On 2009-04-14T16:13:02+00:00 Vincent wrote: Hi, Rakesh. Fedora is not the only product shipping this (EPEL5 and HPC also ship it). Reply at: https://bugs.launchpad.net/ubuntu/+source/ntop/+bug/325393/comments/14 ------------------------------------------------------------------------ On 2009-04-21T08:08:34+00:00 Tomas wrote: Upstream bug: http://www.ntop.org/trac/ticket/75 Upstream commit: http://www.ntop.org/trac/changeset/3748/trunk Reply at: https://bugs.launchpad.net/ubuntu/+source/ntop/+bug/325393/comments/15 ** Changed in: ntop (Fedora) Status: In Progress => Fix Released ** Changed in: ntop (Fedora) Importance: Unknown => Low -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/325393 Title: access.log is owned by root and has write permissions to anyone To manage notifications about this bug go to: https://bugs.launchpad.net/ntop/+bug/325393/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
