[cups.general] Possibly insecure default LogFilePerm value 0644
Johannes Meixner
jsmeix at suse.de
Wed Jul 13 00:57:43 PDT 2011
Hello,
only FYI:
On Jul 12 18:21 Michael Sweet wrote (excerpt):
> On Jul 12, 2011, at 6:22 AM, Johannes Meixner wrote:
[...]
>> I wonder whether world-readable log files might be insecure
>> as the logs might contain sensitive data and in general
>> the logs are probably not useful for normal users.
>
> The default log level is "warning" in recent versions of CUPS.
> Thus, almost nothing gets logged unless there are issues,
> and then it is incredibly annoying when you can't look at the log
> as an ordinary user (I've had to work around various Linux distro
> choices WRT Apache log permissions, for example) or for automated log
> processing programs that need access but won't run with the "right" group.
Many thanks for the info about the LogLevel default which
matches the LogFilePerm default so that the overall-defaults
should be sufficiently secure.
Accordingly I could resolve the openSUSE bug report
https://bugzilla.novell.com/show_bug.cgi?id=704154
as "invalid".
>> By the way, I found two bugs in the documentation:
> Please file bugs here:
> http://www.cups.org/str.php
Done:
http://www.cups.org/str.php?L3885
http://www.cups.org/str.php?L3886
Kind Regards
Johannes Meixner
--
SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany
HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer
More information about the cups
mailing list