Re: Removing system users on purge [Re: Bits from the release team: the plans for etch]
Stephen Frost <sfrost@snowman.net> wrote:
> * Don Armstrong (don@debian.org) wrote:
>> On Wed, 26 Oct 2005, Javier Fernández-Sanguino Peña wrote:
>> > On Wed, Oct 26, 2005 at 05:24:28PM +0200, Frank Küster wrote:
>> > > What about log files with sensitive content?
>> >
>> > Non-issue, as I said in the end of my post, those should be removed
>> > on purge.
>>
>> The log files that are created by the default package configuration
>> should be removed, but custom modifications to the configuration can
>> cause logfiles to be created elsewhere that are owned by the user in
>> question.
>
> Have we actually got a specific case of this happening and there being a
> real security threat from it?
When I ran a samba server years ago, I changed the default log file names
and, IIRC, location.
Regards, Frank
--
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
Reply to: