Re: logfiles world readable

To: adfernan@cnd.mcgill.ca (Andrew D. Fernandes)
Cc: debian-user@Pixar.com
Subject: Re: logfiles world readable
From: karl@tower.com.au (Karl Ferguson)
Date: Wed, 15 Nov 1995 21:50:00 +0800 (WST)
Message-id: <[🔎] m0tFiDy-000LY4C@orion.tower.com.au>
Reply-to: karl@tower.com.au
In-reply-to: <[🔎] 199511151328.IAA15645@mines.cnd.mcgill.ca> from "Andrew D. Fernandes" at Nov 15, 95 08:28:07 am

> > Package: syslog,acct
> > 
> > Hello,
> > 
> > /var/log/auth.log and the other logfiels are world-readable.
> > I think this is a security problem.
> 
> I agree. Not only that, but on a related note, "locate" should not
> place non-world-readable files in its database. If I remove
> read/execute permission from a directory, I don't want someone to be
> able to scan it by simply doing a "locate <username>".
> 
> Do you want to submit the bug report, or shall I, Bernd?

Make update run as 'nobody' and not root - then you dont allow access to the 
files...  (I think that it installs as root by default doesnt it?)

...Karl

--
________________________ 
 |                         PO Box 828   Office: (09)316-3036 Fax: (09)381-3909
 |OWER INTERNET SERVICES   Canning Bridge   After Hours:  015-779-828
                           WA, 6153     Sales Support: sales@tower.com.au
Internet Service Providers       
 and Networking Solutions

Reply to:

Follow-Ups:
- Re: logfiles world readable
  - From: eckes <ecki@lina.inka.de>

References:
- Re: logfiles world readable
  - From: "Andrew D. Fernandes" <adfernan@cnd.mcgill.ca>

Prev by Date: Re: 1.0
Next by Date: Re: oopps
Previous by thread: Re: logfiles world readable
Next by thread: Re: logfiles world readable
Index(es):
- Date
- Thread