Re: world readable log files and /etc/ files

["Steve Meyer" <steve11523@hotmail.com>]

It is also important to remember not to chown log files.  If you do this you 
could run into problems.  The proccess that writes the file may not be able 
too.


> From: Wichert Akkerman <wichert@wiggy.net>
> To: debian-security@lists.debian.org
> Subject: Re: world readable log files and /etc/ files
> Date: Sun, 28 Apr 2002 21:06:35 +0200
> MIME-Version: 1.0
> Received: from murphy.debian.org ([65.125.64.134]) by hotmail.com with 
> Microsoft SMTPSVC(5.0.2195.4905); Sun, 28 Apr 2002 12:10:17 -0700
> Received: (qmail 10946 invoked by uid 38); 28 Apr 2002 19:06:45 -0000
> Received: (qmail 10906 invoked from network); 28 Apr 2002 19:06:43 -0000
> Received: from cabal.xs4all.nl (HELO mx1.wiggy.net) 
> (?bLeNwgFcs5FDRoEhD37OqQvyE0lahofl?@213.84.101.140)  by murphy.debian.org 
> with SMTP; 28 Apr 2002 19:06:43 -0000
> Received: from wichert by mx1.wiggy.net with local (Exim 3.35 #1 
> (Debian))id 171u0J-0003Ux-00for <debian-security@lists.debian.org>; Sun, 28 
> Apr 2002 21:06:35 +0200
> X-Envelope-Sender: wichert@wiggy.net
> Message-ID: <[🔎] 20020428190635.GI25134@wiggy.net>
> Mail-Followup-To: debian-security@lists.debian.org
> References: <[🔎] 20020428164057.GA7559@ids.org.au>
> In-Reply-To: <[🔎] 20020428164057.GA7559@ids.org.au>
> User-Agent: Mutt/1.3.28i
> Resent-Message-ID: <FRsfk.A.0qC.FhEz8@murphy>
> Resent-From: debian-security@lists.debian.org
> X-Mailing-List: <debian-security@lists.debian.org> archive/latest/7034
> X-Loop: debian-security@lists.debian.org
> List-Post: <mailto:debian-security@lists.debian.org>
> List-Help: <mailto:debian-security-request@lists.debian.org?subject=help>
> List-Subscribe: 
> <mailto:debian-security-request@lists.debian.org?subject=subscribe>
> List-Unsubscribe: 
> <mailto:debian-security-request@lists.debian.org?subject=unsubscribe>
> Precedence: list
> Resent-Sender: debian-security-request@lists.debian.org
> Return-Path: bounce-debian-security=steve11523=hotmail.com@lists.debian.org
> X-OriginalArrivalTime: 28 Apr 2002 19:10:18.0777 (UTC) 
> FILETIME=[561ED890:01C1EEE8]
>
> Previously Ian Cumming wrote:
> > I was quite alarmed. There seem to be many files with world readable
> > permissions, which _shouldnt_.
>
> If you don't trust your local users on a server you have a different
> problem imho.
>
> > What is the policy for log files? I understand that it doesnt do _that_
> > much harm allowing others to read, but it does disclose more than I want
> > to reveal.
>
> World-readable except for files with sensitive information.
>
> Wichert.
>
> --
>   _________________________________________________________________
>  /wichert@wiggy.net         This space intentionally left occupied \
> | wichert@deephackmode.org            http://www.liacs.nl/~wichert/ |
> | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact 
> listmaster@lists.debian.org




_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx


--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org