
Re: world readable log files and /etc/ files

On Monday, 2002-04-29 at 02:40:57 +1000, Ian Cumming wrote:

> I was just cleaning up after rebuilding a machine, and I decided to take
> a look at the log file and /etc permissions.

Which release? Woody?

> I was quite alarmed. There seem to be many files with world readable
> permissions, which _shouldn't_.

> i.e.:
> /var/log/xfer.log

Probably depends on your flavour of ftp daemon. Mine is
-rw-r-----    1 root     adm           335 Apr 24 15:46 /var/log/xferlog

> /var/log/samba/*

Here, /var/log/samba is:
drwxr-x---    2 root     adm          4096 Apr 28 07:48 /var/log/samba
The files *are*
-rw-r--r--    1 root     root        11144 Apr 28 14:49 log.nmbd
-rw-r--r--    1 root     root         1314 Apr 29 10:24 log.smbd
but this doesn't matter.

> /var/log/mailman/*

I don't have mailman, so I can't comment.

> and in /etc:
> /etc/proftpd.conf

I don't see anything that needs protection in my (default) proftpd.conf.

> /etc/netatalk/*

Don't have.

> /etc/smb/smb.conf

This one can have user names, so I guess it would be better off with
tighter access modes.

> /etc/apache-perl/cron.conf

I have no idea what this file is.

> What is the policy for log files? I understand that it doesn't do _that_
> much harm allowing others to read, but it does disclose more than I want
> to reveal.

Actually, having tighter access rights on logfiles may lead to the admin
handing out the root password to more people, resulting in lowered
security.

> And now every time I install a package, I'm paranoid about the
> permissions, so I have to go check them.

Be paranoid within reason. If you tighten security so much that you can
only work as root, you're easier to screw by trojans.

Lupe Christoph
-- 
| lupe@lupe-christoph.de       |        http://free.prohosting.com/~lupe |
| I have challenged the entire ISO-9000 quality assurance team to a      |
| Bat-Leth contest on the holodeck. They will not concern us again.      |
| http://public.logica.com/~stepneys/joke/klingon.htm                    |
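The /var/log/samba observation above (a 0644 log inside a 0750 directory is not actually exposed) generalises into a small audit that reports only files an unprivileged user can really reach. This is an added example, not code from the thread; the helper names `mode_other`, `is_world_reachable` and `audit_world_readable` are assumptions, and it inspects classic mode bits only, not POSIX ACLs.

```shell
#!/bin/sh
# Added example (not from the thread): report files that an unprivileged user can
# actually read. A world-readable mode on the file alone is not enough: "other" must
# also hold the execute (search) bit on every directory from / down to the file.
# Only classic mode bits are considered; POSIX ACLs are not checked.

# Print the three "other" permission characters of a path, e.g. "r-x" or "---".
mode_other() {
    ls -ld "$1" | cut -c8-10
}

# is_world_reachable FILE: succeed only if FILE is o+r and every ancestor directory is o+x.
is_world_reachable() {
    f=$1
    case "$f" in /*) ;; *) f="$PWD/$f" ;; esac   # need an absolute path to walk upward
    case "$(mode_other "$f")" in r*) ;; *) return 1 ;; esac
    d=$(dirname "$f")
    while :; do
        # 't' covers sticky directories such as /tmp (drwxrwxrwt), which are still searchable
        case "$(mode_other "$d")" in ??[xt]) ;; *) return 1 ;; esac
        [ "$d" = "/" ] && break
        d=$(dirname "$d")
    done
    return 0
}

# audit_world_readable DIR...: list regular files under DIR... that are genuinely
# world-readable, i.e. o+r on the file and o+x on the whole directory chain.
audit_world_readable() {
    find "$@" -type f -perm -004 2>/dev/null | while IFS= read -r f; do
        if is_world_reachable "$f"; then printf '%s\n' "$f"; fi
    done | sort
}
```

Run it as `audit_world_readable /var/log /etc` to see what is exposed on a given box; files that `find -perm -004` alone would flag but that sit under a 0750 directory are left out.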

