From: Wichert Akkerman <wichert@wiggy.net>
To: debian-security@lists.debian.org
Subject: Re: world readable log files and /etc/ files
Date: Sun, 28 Apr 2002 21:06:35 +0200
MIME-Version: 1.0
Received: from murphy.debian.org ([65.125.64.134]) by hotmail.com with
Microsoft SMTPSVC(5.0.2195.4905); Sun, 28 Apr 2002 12:10:17 -0700
Received: (qmail 10946 invoked by uid 38); 28 Apr 2002 19:06:45 -0000
Received: (qmail 10906 invoked from network); 28 Apr 2002 19:06:43 -0000
Received: from cabal.xs4all.nl (HELO mx1.wiggy.net)
(?bLeNwgFcs5FDRoEhD37OqQvyE0lahofl?@213.84.101.140) by murphy.debian.org
with SMTP; 28 Apr 2002 19:06:43 -0000
Received: from wichert by mx1.wiggy.net with local (Exim 3.35 #1
(Debian))id 171u0J-0003Ux-00for <debian-security@lists.debian.org>; Sun, 28
Apr 2002 21:06:35 +0200
X-Envelope-Sender: wichert@wiggy.net
Message-ID: <[🔎] 20020428190635.GI25134@wiggy.net>
Mail-Followup-To: debian-security@lists.debian.org
References: <[🔎] 20020428164057.GA7559@ids.org.au>
In-Reply-To: <[🔎] 20020428164057.GA7559@ids.org.au>
User-Agent: Mutt/1.3.28i
Resent-Message-ID: <FRsfk.A.0qC.FhEz8@murphy>
Resent-From: debian-security@lists.debian.org
X-Mailing-List: <debian-security@lists.debian.org> archive/latest/7034
X-Loop: debian-security@lists.debian.org
List-Post: <mailto:debian-security@lists.debian.org>
List-Help: <mailto:debian-security-request@lists.debian.org?subject=help>
List-Subscribe:
<mailto:debian-security-request@lists.debian.org?subject=subscribe>
List-Unsubscribe:
<mailto:debian-security-request@lists.debian.org?subject=unsubscribe>
Precedence: list
Resent-Sender: debian-security-request@lists.debian.org
Return-Path: bounce-debian-security=steve11523=hotmail.com@lists.debian.org
X-OriginalArrivalTime: 28 Apr 2002 19:10:18.0777 (UTC)
FILETIME=[561ED890:01C1EEE8]
Previously Ian Cumming wrote:
> I was quite alarmed. There seem to be many files with world readable
> permissions, which _shouldnt_.
If you don't trust your local users on a server you have a different
problem imho.
> What is the policy for log files? I understand that it doesnt do _that_
> much harm allowing others to read, but it does disclose more than I want
> to reveal.
World-readable except for files with sensitive information.
Wichert.
--
_________________________________________________________________
/wichert@wiggy.net This space intentionally left occupied \
| wichert@deephackmode.org http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org