Bug 653601

Summary: Sensitive (apache2) log files leaked by saving to /tmp by default
Product: [openSUSE] openSUSE 11.3 Reporter: Martin Vidner <mvidner>
Component: YaST2Assignee: Michal Zugec <mzugec>
Status: RESOLVED FIXED QA Contact: Jiri Srain <jsrain>
Severity: Major    
Priority: P5 - None    
Version: Final   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Martin Vidner 2010-11-15 13:42:23 UTC 
As reported here: http://forums.opensuse.org/english/get-help-here/network-internet/449838-yast2-exposes-apache-httpd-error-log.html

YaST offers to save the log files to /tmp by default. It should offer a directory that is not world readable, like /root .
/usr/share/YaST2/modules/LogView.ycp:399
Comment 1 Michal Zugec 2010-11-16 14:50:54 UTC 
done in yast2-2.20.5
default save place is "~" instead of "/tmp"