[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Removing system users on purge [Re: Bits from the release team: the plans for etch]

Stephen Frost <sfrost@snowman.net> wrote:

> * Don Armstrong (don@debian.org) wrote:
>> On Wed, 26 Oct 2005, Javier Fernández-Sanguino Peña wrote:
>> > On Wed, Oct 26, 2005 at 05:24:28PM +0200, Frank Küster wrote:
>> > > What about log files with sensitive content?
>> > 
>> > Non-issue, as I said in the end of my post, those should be removed
>> > on purge.
>> The log files that are created by the default package configuration
>> should be removed, but custom modifications to the configuration can
>> cause logfiles to be created elsewhere that are owned by the user in
>> question.
> Have we actually got a specific case of this happening and there being a
> real security threat from it?

When I ran a samba server years ago, I changed the default log file names
and, IIRC, location.

Regards, Frank
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer

Reply to: