From: Greg Larkin
Date: Fri, 12 Sep 2008 18:02:37 -0400
To: Marco Beishuizen
Cc: freebsd-questions@freebsd.org
Subject: Re: logcheck doesn't work anymore

Marco Beishuizen wrote:
> On Mon, 08 Sep 2008 17:08:35 -0400
> Greg Larkin wrote:
>
>> Hi Marco,
>>
>> I recently committed the upgrade to logcheck, and I am looking into
>> your problem now. I'll post back here with details once I've figured
>> it out.
>>
>> Regards,
>> Greg
>> - --
>> Greg Larkin
>
> I discovered that when I change the permissions of the log files to 644
> it seems to work. But it seems to me that it isn't very safe to make
> log files readable to everybody.
>
> Regards,
> Marco
>

Hi Marco,

Right you are! In fact, after my initial logcheck commit, someone opened
a PR stating something very similar to what you noted:

http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/127255

The submitter's point is that the logcheck user should not be part of
the wheel group, since that also confers the ability to su to root and
read many files that should be private.

A patch has been committed very recently to remove the logcheck user
from the wheel group and change the verbiage in pkg-message:

http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/logcheck/files/pkg-install.in.diff?r1=1.1;r2=1.2
http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/logcheck/files/pkg-message.in.diff?r1=1.1;r2=1.2

Any file that needs to be analyzed by logcheck will now have to be
readable by the logcheck group instead of the wheel group.

Best regards,
Greg
--
Greg Larkin

http://www.FreeBSD.org/ - The Power To Serve
http://www.sourcehosting.net/ - Ready. Set. Code.
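
An added example, not part of the original message or of the logcheck port: a POSIX sh check that tells the group-readable setup described above (mode 640, owned by the reader group) apart from the world-readable 644 workaround. The helper name audit_log and the script name are assumptions; the group argument would be logcheck on a system set up as the message describes.

```sh
#!/bin/sh
# Added example, not from the logcheck port. Classifies a log file's
# permissions relative to a reader group (per the message: "logcheck").
# Parses `ls -ld` only, so it works on FreeBSD and Linux alike.
# Limitation: POSIX mode bits only; ACLs are not evaluated.

# audit_log FILE GROUP   (hypothetical helper name)
# Prints one verdict and returns 0 only for "ok":
#   ok              owned by GROUP, group-readable, not world-readable (640)
#   world-readable  "other" read bit set (644): the unsafe workaround
#   wrong-group     private, but owned by a different group (e.g. wheel)
#   no-group-read   owned by GROUP but group read bit is clear (600)
#   missing         file does not exist
audit_log() {
    file=$1
    group=$2
    [ -e "$file" ] || { echo missing; return 1; }
    ls_out=$(ls -ld "$file") || return 1
    # ls -l fields: 1 = mode string, 4 = group name
    mode=$(printf '%s\n' "$ls_out" | awk '{print $1}')
    fgroup=$(printf '%s\n' "$ls_out" | awk '{print $4}')
    # Mode string layout: type, rwx user, rwx group, rwx other
    grp_r=$(printf '%s\n' "$mode" | cut -c5)
    oth_r=$(printf '%s\n' "$mode" | cut -c8)
    if [ "$oth_r" = r ]; then
        echo world-readable; return 1
    elif [ "$fgroup" != "$group" ]; then
        echo wrong-group; return 1
    elif [ "$grp_r" != r ]; then
        echo no-group-read; return 1
    fi
    echo ok
}

# Script usage: sh audit_log.sh GROUP FILE...
if [ "$#" -ge 2 ]; then
    grp=$1
    shift
    for path in "$@"; do
        printf '%s: %s\n' "$path" "$(audit_log "$path" "$grp")"
    done
fi
```

On FreeBSD the owner, group and mode of rotated logs come from newsyslog.conf, so a change made only with chown and chmod does not survive the next rotation.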