Re: /var/log/messages not world-readable anymore?
On Wed, 9 Jul 1997, Joey Hess wrote:
> Will Lowe:
> > Well, here's an example of where it could be:
> >
> > I use diald to dial up an ISP account. Diald calls chat to
> > execute a login-and-start-ppp script. Chat writes all of it's
> > <send>/<waitfor> pairs to /var/log/messages. So anyone who can read
> > /var/log/messages can also find my login and password for my ISP (in my
> > case, my university).
>
> Not a problem here, becuase I use \q in the right places in my chat script
> to make the password not be shown.
>
> Any more examples of why this could be a security hole?
I'm not sure why it is or isn't a security hole, but I think it might be a
change in the new(er) version of sysklogd. I upgraded that package
yesterday, and manually rotated my logs today, and voila! I could no
longer tail -f my logs. Bummer.
Pete Templin
templin@bucknell.edu
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . Trouble?
e-mail to templin@bucknell.edu .
Reply to: