-
Florian Pritz authoredCVE-2016-1247 is a symlink attack on the log dir of nginx since a reopening of the logs (triggered by logrotate) opens the logs as nginx instead of root. logrotate creates the proper log files already so nginx doesn't need write permissions to those directories. Signed-off-by:Florian Pritz <bluewind@xinu.at>
Florian Pritz authoredCVE-2016-1247 is a symlink attack on the log dir of nginx since a reopening of the logs (triggered by logrotate) opens the logs as nginx instead of root. logrotate creates the proper log files already so nginx doesn't need write permissions to those directories. Signed-off-by:
Code owners
Assign users and groups as approvers for specific file changes. Learn more.