Hi Michael I'll look this up. Thanks for the report.
// Ola On Sun, Apr 19, 2009 at 09:29:23PM -0400, Michael S. Gilbert wrote: > package: ntop > severity: important > tags: security > > hello, > > fedora issued the following as a security update for ntop [0]: > > ls -lh /var/log/ntop/access.log -rw-rw-rw- 1 root root 0 2009-02-04 > 11:53 /var/log/ntop/access.log > > Fixed. > > log world-writable when the --access-log- file option is used. > This option is not used in Fedora or Red Hat by default and is not > noted in the configuration file. It is, however, noted in the ntop > manpage. It would require the root user to add this option to the > configuration in order for this file to be created. > > is this a problem with ntop in debian, and should it be tracked as a > security issue? > > [0] https://admin.fedoraproject.org/updates/F10/FEDORA-2009-2805 > > > -- --------------------- Ola Lundqvist --------------------------- / o...@debian.org Annebergsslingan 37 \ | o...@inguza.com 654 65 KARLSTAD | | http://inguza.com/ +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --------------------------------------------------------------- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
