Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
  • Sign in
  • infrastructure infrastructure
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 106
    • Issues 106
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
  • Merge requests 14
    • Merge requests 14
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Arch LinuxArch Linux
  • infrastructureinfrastructure
  • Repository
Switch branch/tag
  • infrastructure
  • roles
  • security_tracker
  • tasks
  • main.yml
Find file BlameHistoryPermalink
  • Florian Pritz's avatar
    Fix permissions of nginx log dirs, CVE-2016-1247 · 57d62ca8
    Florian Pritz authored Feb 05, 2017
    
    
    CVE-2016-1247 is a symlink attack on the log dir of nginx since a
    reopening of the logs (triggered by logrotate) opens the logs as nginx
    instead of root. logrotate creates the proper log files already so
    nginx doesn't need write permissions to those directories.
    
    Signed-off-by: Florian Pritz's avatarFlorian Pritz <bluewind@xinu.at>
    57d62ca8