Re: /var/log/messages not world-readable anymore?

To: Joey Hess <joey@kite.ml.org>
Cc: debian-user@lists.debian.org
Subject: Re: /var/log/messages not world-readable anymore?
From: Will Lowe <lowe@mail.eecis.udel.edu>
Date: Wed, 9 Jul 1997 12:44:03 -0400 (EDT)
Message-id: <[🔎] Pine.SUN.3.96.970709124052.9934B-100000@saturn.cis.udel.edu>
In-reply-to: <[🔎] 19970709115451.16107@kite>

On Wed, 9 Jul 1997, Joey Hess wrote:

> I've got sysklogd 1.3-17 and it's made /var/log/messages no longer be world
> readable. Is there some security problem with letting any user read it?

Well,  here's an example of where it could be:

	I use diald to dial up an ISP account.  Diald calls chat to
execute a login-and-start-ppp script.  Chat writes all of it's
<send>/<waitfor> pairs to /var/log/messages.  So anyone who can read
/var/log/messages can also find my login and password for my ISP (in my
case,  my university).

                     					Will

			        harpo@udel.edu
			       lowe@ecl.ude.edu
			http://www.ecl.udel.edu/~lowe/
*****************************************************************************
Good Idea: 	Feeding Stray Cats in the Park.
Bad Idea:	Feeding Stray Cats in the park ... to a bear.
***************************************************************************** 


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Follow-Ups:
- Re: /var/log/messages not world-readable anymore?
  - From: Joey Hess <joey@kite.ml.org>

References:
- /var/log/messages not world-readable anymore?
  - From: Joey Hess <joey@kite.ml.org>

Prev by Date: Xi Graphics looking to hire a programmer for Debian (fwd)
Next by Date: Re: /var/log/messages not world-readable anymore?
Previous by thread: /var/log/messages not world-readable anymore?
Next by thread: Re: /var/log/messages not world-readable anymore?
Index(es):
- Date
- Thread