logfiles world readable
Package: syslog,acct
Hello,
/var/log/auth.log and the other logfiels are world-readable. I think this is a
security problem. Especially in auth.log there are often Passwords logged
from users. In addition /var/accoun/pacct is readable, too. I think users
should not be able to see ever executed command on a system (without beeing
in group adm). Should i write a bug report for this, or is this an 'feature'
of an opn system?
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels@Wittumstrasse13.76646Bruchsal.de --
( .. ) ecki@lina.{inka.de,ka.sub.org} http://home.pages.de/~eckes/
o--o *plush* 1024/E010B09D eckes@irc +4972573817 *plush*
(O____O) If privacy is outlawed only Outlaws have privacy
Reply to: