world readable log files and /etc/ files

To: debian-security@lists.debian.org
Subject: world readable log files and /etc/ files
From: Ian Cumming <ian@ids.org.au>
Date: Mon, 29 Apr 2002 02:40:57 +1000
Message-id: <[🔎] 20020428164057.GA7559@ids.org.au>
Mail-followup-to: debian-security@lists.debian.org

Hi,

I was just cleaning up after rebuilding a machine, and I decided to take
a look at the log file and /etc permissions.

I was quite alarmed. There seem to be many files with world readable
permissions, which _shouldnt_.

ie:
/var/log/xfer.log
/var/log/samba/*
/var/log/mailman/*

and in /etc:
/etc/proftpd.conf
/etc/netatalk/*
/etc/smb/smb.conf
/etc/apache-perl/cron.conf

What is the policy for log files? I understand that it doesnt do _that_
much harm allowing others to read, but it does disclose more than I want
to reveal.

And now every time I install a package, I'm paranoid about the
permissions, so I have to go check them.

Ian.

-- 
Ian Cumming, ian@semisphere.org

"The number of Unix installations has grown to 10, with more expected."
-- The Unix Programmer's Manual, 2nd Edition, June, 1972


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: world readable log files and /etc/ files
  - From: Wichert Akkerman <wichert@wiggy.net>
- Re: world readable log files and /etc/ files
  - From: lupe@lupe-christoph.de (Lupe Christoph)

Prev by Date: Re: A more secure form of .htaccess?
Next by Date: Re: world readable log files and /etc/ files
Previous by thread: Re: IPtables and Connection Tracking
Next by thread: Re: world readable log files and /etc/ files
Index(es):
- Date
- Thread