
Re: Bits from the release team: the plans for etch



Stephen Frost <sfrost@snowman.net> writes:

> * Andreas Barth (aba@not.so.argh.org) wrote:
>> * Stephen Frost (sfrost@snowman.net) [051026 20:13]:
>> > This is just patently false, as has been pointed out elsewhere.  What
>> > security hole, exactly, is created by orphaning a file?
>> 
>> Well, if some process (maybe within the package) creates a private log
>> file that contains sensitive information, and this log file can later on
>> be read by a process with much fewer privileges, this is usually
>> considered a security-relevant issue.
>
> Except log files are supposed to be removed and I don't know of any
> actual case of this happening anyway.

We aren't talking about log files created by the package, but by the
sysadmin.

What if the sysadmin has taken the sensitive log and squirreled it
away, saving it for future reference?  Is that no longer a supported
thing? 

> Additionally, this is *not* a problem with the orphaning of the file,
> it's a problem with the reuse of a previously-used uid.  I could see
> adding a system to track previously-used uids and not reusing them.  I
> don't believe using passwd for that (and keeping unused accounts in
> passwd/shadow/group/gshadow/etc) is appropriate.  

Why?  What purpose is served by segregating the information?
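
The exposure debated in this message can be audited directly. The following is an added example, not part of the original mail or of any Debian tool: it lists files whose owner uid has no passwd entry and marks those that are owner-only, since those are the files a later account given the same uid would gain access to. The function names and the sample file are constructed for illustration.

```python
import os
import pwd
import stat
import tempfile


def known_uids():
    """UIDs that currently have a passwd entry (resolved through NSS)."""
    return {entry.pw_uid for entry in pwd.getpwall()}


def find_orphans(root, assigned=None):
    """Yield (path, uid, owner_only) for entries owned by an unassigned uid.

    owner_only is True when group and other have no permission bits, i.e.
    the file is private today and would become accessible to whichever
    account is next created with that uid.
    """
    assigned = known_uids() if assigned is None else assigned
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # vanished or unreadable, skip it
            if st.st_uid in assigned:
                continue
            owner_only = (st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0
            yield path, st.st_uid, owner_only


def demo(account_removed=True):
    """Constructed scenario: a private log saved by the admin, mode 0600."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "saved-private.log")
        with open(path, "w") as fh:
            fh.write("constructed sample data\n")
        os.chmod(path, 0o600)
        me = os.getuid()
        # Simulate the owning account being deleted (or still present).
        uids = known_uids() - {me} if account_removed else known_uids() | {me}
        return list(find_orphans(root, assigned=uids))


if __name__ == "__main__":
    for path, uid, owner_only in demo():
        print(f"uid {uid} unassigned: {path} (owner-only: {owner_only})")
```
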


