Bug#254068: base-config log should not be world readable

[Vassilii Khachaturov <vassilii@tarunz.org>]

> > I believe that the base-config logs should not be world readable.
> > Some of the packages ask for passwords that are echoed back during
> > the configuration (e.g. pppoeconf), albeit stored later in files
> > not readable by the world.
>
>
> THen this bug pertains to what you call pppoeconf (isn't this
> pppconfig?) rather than base-config.....imho.

I thought someone might think so, but (imho as well) i still believe
it's more of a non-package-related issue. As there is no policy saying
things like "setup logs are world readable, so you MUST NOT echo
passwords" for all the packages, the packages need not "know" about the
base-config issues "wrapping" them.

With the priority of debconf questions set at low, there are hundreds
of questions asked. Are we going to review each and every of them
to see if there's a security risk in logging the setup process? I
think that, especially in the view of the absense of a policy in the
likes of the above it is much more feasible to just make the logs
unreadable by non-root (and actually I can't justify a setup
in which it would be needed for a non-root to read them. They're only
there for troubleshooting root's work, aren't they?)