File: nginx-common.templates

package info (click to toggle)
nginx 1.18.0-6.1%2Bdeb11u3
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 19,344 kB
  • sloc: ansic: 250,653; perl: 7,548; sh: 1,408; ruby: 879; python: 358; makefile: 338; awk: 36; cpp: 18
file content (13 lines) | stat: -rw-r--r-- 542 bytes parent folder | download | duplicates (10) 
1
2
3
4
5
6
7
8
9
10
11
12
13
 
Template: nginx/log-symlinks
Type: note
_Description: Possible insecure nginx log files
 The following log files under /var/log/nginx directory are symlinks
 owned by www-data:
 .
 ${logfiles}
 .
 Since nginx 1.4.4-4 /var/log/nginx was owned by www-data. As a result
 www-data could symlink log files to sensitive locations, which in turn
 could lead to privilege escalation attacks. Although /var/log/nginx
 permissions are now fixed it is possible that such insecure links
 already exist. So, please make sure to check the above locations.