On 27/Apr/2010, at 11:56 AM, Chuck Hill wrote: >> To be clear, I don't advocate changing the log file to be world writable. > Why not? It is a log file, it is for debugging. How serious is this > security issue really compared to having debug log files that few will ever > figure out how to make work? Either I am missing something, or that is a > trade off that I'd be willing to look at.
Well, first off, my BOFH training says that I get to decide who can write to my log files! ;-) Secondly, the adaptor code isn't careful to check that it is a log file before making changes to it. In the case where these changes are done by a process running as root, care must be taken. M. _______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list ([email protected]) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to [email protected]
