logfiles world readable

To: debian-user@Pixar.com
Subject: logfiles world readable
From: eckes <ecki@lina.inka.de>
Date: Wed, 15 Nov 1995 07:18:14 +0100 (MET)
Message-id: <[🔎] m0tFbAl-0006SiC@lina.inka.de>

Package: syslog,acct

Hello,

/var/log/auth.log and the other logfiels are world-readable. I think this is a
security problem. Especially in auth.log there are often Passwords logged
from users. In addition /var/accoun/pacct is readable, too. I think users
should not be able to see ever executed command on a system (without beeing
in group adm). Should i write a bug report for this, or is this an 'feature'
of an opn system?

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wittumstrasse13.76646Bruchsal.de --
 ( .. )  ecki@lina.{inka.de,ka.sub.org}  http://home.pages.de/~eckes/
  o--o      *plush*  1024/E010B09D  eckes@irc  +4972573817  *plush*
(O____O)       If privacy is outlawed only Outlaws have privacy

Reply to:

Follow-Ups:
- Re: logfiles world readable
  - From: "Andrew D. Fernandes" <adfernan@cnd.mcgill.ca>

Prev by Date: Re: 1.0
Next by Date: Re: why aren't man pages compressed?
Previous by thread: Re: problem compiling curses program
Next by thread: Re: logfiles world readable
Index(es):
- Date
- Thread