Re: /var/log/messages not world-readable anymore?

[Debian user mail <debuser@templinux.bucknell.edu>]

On Wed, 9 Jul 1997, Joey Hess wrote:

> Will Lowe:
> > Well,  here's an example of where it could be:
> > 
> > 	I use diald to dial up an ISP account.  Diald calls chat to
> > execute a login-and-start-ppp script.  Chat writes all of it's
> > <send>/<waitfor> pairs to /var/log/messages.  So anyone who can read
> > /var/log/messages can also find my login and password for my ISP (in my
> > case,  my university).
> 
> Not a problem here, becuase I use \q in the right places in my chat script
> to make the password not be shown.
> 
> Any more examples of why this could be a security hole?

I'm not sure why it is or isn't a security hole, but I think it might be a
change in the new(er) version of sysklogd.  I upgraded that package
yesterday, and manually rotated my logs today, and voila! I could no
longer tail -f my logs.  Bummer.

Pete Templin
templin@bucknell.edu


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . Trouble? 
e-mail to templin@bucknell.edu .