Re: logfiles world readable
> > Package: syslog,acct
> >
> > Hello,
> >
> > /var/log/auth.log and the other logfiels are world-readable.
> > I think this is a security problem.
>
> I agree. Not only that, but on a related note, "locate" should not
> place non-world-readable files in its database. If I remove
> read/execute permission from a directory, I don't want someone to be
> able to scan it by simply doing a "locate <username>".
>
> Do you want to submit the bug report, or shall I, Bernd?
Make update run as 'nobody' and not root - then you dont allow access to the
files... (I think that it installs as root by default doesnt it?)
...Karl
--
________________________
| PO Box 828 Office: (09)316-3036 Fax: (09)381-3909
|OWER INTERNET SERVICES Canning Bridge After Hours: 015-779-828
WA, 6153 Sales Support: sales@tower.com.au
Internet Service Providers
and Networking Solutions
Reply to: