Closed teadur closed 7 years ago
According to CVE-2016-1247 /var/log/nginx shouldnot be owned by www-data Not sure if that patch brakes it for other distros, only tested on debian.
more info: https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html
According to CVE-2016-1247 /var/log/nginx shouldnot be owned by www-data Not sure if that patch brakes it for other distros, only tested on debian.
more info: https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html