
Re: log permissions



On 00-11-03 Ian wrote:
> There are too many to list, but here are some:
> -rw-r--r--    1 root     root      8232348 Nov  3 06:43 tripwire

Maybe some logfile of tripwire? I don't know its content so I can't
make a judgement about its security risk.

> -rw-r--r--    1 root     root        10152 Nov  3 14:49 wdm.log

Also I don't know what this file contains, but as the name suggests, it
has been created by wdm. So it may contain information about who has
logged into the box at which time.

> -rw-r--r--    1 root     root            0 Nov  3 06:26 mysql.err

Well, as the name suggests, this file will contain error messages of
mysql but it's empty and so no risk.

> -rw-r--r--    1 root     adm             0 Oct 29 06:47 cfingerd.log

Looks like cfingerd is writing a logfile about who has tried to finger
which user on your box. I think it would be enough if it's readable to
root and adm(ins).

> -rw-r--r--    1 root     root         8483 Oct 22 12:42 dmesg

This one contains the information that you see while you are booting
your PC. If you haven't put your box into a safe and removed every reset
button and so on, so that no one will be able to reboot the system, this
file won't be a security risk. If someone can reboot your server, he will
also get this info. So in my opinion it's alright that everybody can take
a look at it.

> -rw-rw-r--    1 root     utmp       320908 Nov  3 16:43 lastlog

This file contains information about all users on your system and when
they have logged in for the last time. I currently have no idea which
security risk should be opened when every user can take a look at this
information.

> -rw-r--r--    1 root     root       947139 Nov  3 16:36 nmb

I never saw a logfile with this name and "apt-cache search nmb", so I
can't comment on that.

> why are these files read by all? I have "normal" users on my system,
> and although I trust them, these kinds of permissions make me feel a
> little paranoid. ie: they could be used by someone to investigate
> system use, etc..

Why don't you look into those logfiles for yourself and examine their
content and then make a decision which logfiles you want to protect
more?

Ciao
     Christian
-- 
          Debian Developer and Quality Assurance Team Member
    1024/26CC7853 31E6 A8CA 68FC 284F 7D16  63EC A9E6 67FF 26CC 7853
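
One way to carry out the review suggested in the reply above, added here as an example and not part of the original message: list every world-readable file in the log directory, then drop access for "others" on the ones you decide to protect. The `/var/log` default, the function names and the `audit` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. The thread never names the log
# directory; /var/log is assumed as the default.

# List, in "ls -l" form, every regular file under $1 that others can
# read (permission bit 004 set), so each one can be inspected by hand.
list_world_readable() {
    dir=${1:-/var/log}
    find "$dir" -type f -perm -004 -exec ls -ld {} +
}

# Remove all access for "others" on $1. Owner and group bits are left
# untouched, so a group-writable file such as a root:utmp lastlog keeps
# rw-rw---- and whatever writes to it through the group still works.
# If $2 is given, the file is also handed to that group first
# (for example adm); changing the group normally requires root.
restrict_others() {
    file=$1
    group=${2:-}
    if [ -n "$group" ]; then
        chgrp "$group" "$file" || return 1
    fi
    chmod o-rwx "$file"
}

# Stand-alone use:  sh thisfile audit [directory]
if [ "${1:-}" = "audit" ]; then
    list_world_readable "${2:-/var/log}"
fi
```

A mode changed this way lasts only until the file is recreated. If logrotate rotates the file, set the mode in its `create` directive as well (for example `create 640 root adm`).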
