https://bugzilla.novell.com/show_bug.cgi?id=704154
https://bugzilla.novell.com/show_bug.cgi?id=704154#c3
Johannes Meixner
Hello,
the CUPS 1.4.6 "configure --help" reads: ----------------------------------------------------------------------- --with-config-file-perm set default ConfigFilePerm value, default=0640 --with-log-file-perm set default LogFilePerm value, default=0644 -----------------------------------------------------------------------
I wonder whether world-readable log files might be insecure as the logs might contain sensitive data and in general the logs are probably not useful for normal users.
The default log level is "warning" in recent versions of CUPS. Thus, almost nothing gets logged unless there are issues, and then it is incredibly annoying when you can't look at the log as an ordinary user (I've had to work around various Linux distro choices WRT Apache log permissions, for example) or for automated log processing programs that need access but won't run with the "right" group. ============================================================================ This means: The defaults (i.e. LogLevel 'warn' plus LogFilePerm 0644) are sufficiently secure. If an admin changes the LogLevel in cupsd.conf, he could add a "LogFilePerm 0640" entry to make log file access more secure if needed in his particular environment. The problem described is not a bug and according to https://bugzilla.novell.com/page.cgi?id=fields.html#status I close this bug report as invalid. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.