Bug#314956: Excess permission or bad ownership on file /var/log/btmp

To: submit@bugs.debian.org
Subject: Bug#314956: Excess permission or bad ownership on file /var/log/btmp
From: dean gaudet <dean-debian@arctic.org>
Date: Sun, 19 Jun 2005 09:53:31 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.4.62.0506190938450.29182@twinlark.arctic.org>
Reply-to: dean gaudet <dean-debian@arctic.org>, 314956@bugs.debian.org

Package: openssh-server
Version: 1:4.1p1-4

openssh 4.x now tries to append to /var/log/btmp (on bad passwords for 
example), but it's excessively anal about the permissions on that file. it 
doesn't permit group or other to have any of read/write/execute.

the default debian setup is this:

-rw-rw-r--  1 root utmp 3840 Jun 18 14:40 /var/log/btmp

and there are legit reasons for group utmp writability... such as:

-rwxr-sr-x  1 root utmp 306616 Nov 14  2004 /usr/bin/screen

i really don't know what to recommend as the right fix for this... you 
could disable USE_BTMP entirely, which was the pre-4.0 behaviour anyhow. 
or modify it to permit the debian perms...

-dean

Reply to:

Prev by Date: Bug#314745: openssh-client: please move README.Debian to openssh-server
Next by Date: Bug#314645: /usr/sbin/sshd: time delay of password check proves account existence to attackers
Previous by thread: Bug#73611: security
Next by thread: Bug#315040: openssh-server: Problem with pam_setcred() call
Index(es):
- Date
- Thread