[1350] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: LINUX:/var/log/messages world readable

daemon@ATHENA.MIT.EDU (Avery Pennarun)
Sun Dec 15 10:20:48 1996

Date: Sat, 14 Dec 1996 15:36:47 -0500 (EST)
From: Avery Pennarun <apenwarr@foxnet.net>
To: linux-security@redhat.com
In-Reply-To: <Pine.BSI.3.91.961210212911.10784A-100000@escape.com>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

On Tue, 10 Dec 1996, Dave G. wrote:

> #!/bin/sh
> #
> # yankpw
> #
> # Under a lot of linux distributions(I know Redhat 3.0.3 and Slackware 3.0)
> # /var/log/messages is world readable. If a user types in his password at
> # the login prompt, it may get logged to /var/log/messages.
> #
> # I could swear this topic has been beaten to death, but I still see this
> # problem on every linux box I have access to.

On my Debian 1.1 system, the information is logged to /var/log/auth.log,
which has these default permissions:

    -rw-r-----   1 root     adm          1897 Dec 14 15:33 auth.log

Still readable by anyone in group adm, but not as dangerous as the
world-readable messages file (which, I believe, can stay world-readable on
most systems for convenience to users).

I don't know what the latest Red Hat would do.

[mod: That is actually the way it should be. I personally a) have the 
root password and b) want to be able to browse the messages files for
interesting stuff. I'd then add my useraccount to the group adm to be
able to freely do that. Red Hat 4.0 has the "secure" logfile, but it
has 644 permissions, and the login failures get logged to the "messages"
file anyway..... -- REW]

Avery


home help back first fref pref prev next nref lref last post