1
2
3
4
5
6
7
8
9
10
11
12
13
|
Template: nginx/log-symlinks
Type: note
_Description: Possible insecure nginx log files
The following log files under /var/log/nginx directory are symlinks
owned by www-data:
.
${logfiles}
.
Since nginx 1.4.4-4 /var/log/nginx was owned by www-data. As a result
www-data could symlink log files to sensitive locations, which in turn
could lead to privilege escalation attacks. Although /var/log/nginx
permissions are now fixed it is possible that such insecure links
already exist. So, please make sure to check the above locations.
|
