Date:      Sat, 24 Feb 2001 08:24:44 +0900
From:      Yoshihiro Koya <Yoshihiro.Koya@math.yokohama-cu.ac.jp>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   bin/25329: Deprecated permission of /var/log/console.log
Message-ID:  <20010224082444P.ipfw@ya3.so-net.ne.jp>


>Number:         25329
>Category:       bin
>Synopsis:       The current default permission of /var/log/console.log is deprecated
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Feb 23 15:20:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Yoshihiro Koya
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
Yokohama City Univ. Dept. of Math. Sci.
>Environment:
System: FreeBSD current.my.domain 5.0-CURRENT FreeBSD 5.0-CURRENT #1: Sun Feb 18 22:47:43 JST 2001 root@current.my.domain:/usr/obj/usr/src/sys/current i386


Also on 4-stable as of Feb 23
>Description:
The default permission assumed in /etc/newsyslog.conf 
of /var/log/console.log is 640.
But mode 600 is more secure than the current default permission.
Actually, those of /var/log/mount.{today,yesterday} or 
/var/log/setuid.{today,yesterday} are also 600.

The reason why this permission is deprecated is as follows:

# su -l
(become root)
# shutdown now
(go into single-user mode)
# /bin/cat /etc/master.passwd
(the contents of /etc/master.passwd are here)
# exit
(go into multi-user mode again)
(after logging in as a usual user belonging to wheel)
% cat /var/log/console.log
(you may find the contents of /etc/master.passwd)

Everything done by root during the single user mode
can be viewed via /var/log/console.log.

>How-To-Repeat:
>Fix:

At least, the following modification seems to be required.

--- newsyslog.conf.orig	Sat Feb 24 08:16:58 2001
+++ newsyslog.conf	Sat Feb 24 08:18:53 2001
@@ -17,4 +17,4 @@
 /var/log/daily.log			640  7	   *	@T00  Z
 /var/log/weekly.log			640  5	   1	$W6D0 Z
 /var/log/monthly.log			640  12	   *	$M1D0 Z
-/var/log/console.log			640  5     100	*     Z
+/var/log/console.log			600  5     100	*     Z
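Review bot: on the changed /var/log/console.log line, the new 600 is only the mode newsyslog applies when it next processes this entry, which with size 100 and when `*` means the next time the file crosses the size threshold, so on an already-installed system the live file and any previously rotated copies would stay 640 and readable by wheel until then. Suggest pairing the change with a one-time chmod 600 of the existing console.log files, or a note telling administrators to do so. The unchanged context lines also leave daily.log, weekly.log and monthly.log at 640; the report should say whether that is intentional, since the description argues from other /var/log files already being 600.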
>Release-Note:
>Audit-Trail:
>Unformatted:
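
Added example (not part of the original report or of FreeBSD's own code): a small sh function that lists newsyslog.conf entries whose mode leaves any group or other access, the condition this report describes for /var/log/console.log. The sample configuration and the `/var/log/example-private.log` entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: list newsyslog.conf entries whose mode gives group or
# other any access. It parses the config only and does not touch /var/log.

# audit_newsyslog_modes CONF
# Prints "<mode> <logfile>" for each entry with non-zero group/other bits.
audit_newsyslog_modes() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }       # skip comments and blank lines
        {
            # The owner/group field is optional, so the mode is the first
            # all-octal field after the file name.
            mode = ($2 ~ /^[0-7]+$/) ? $2 : $3
            if (mode !~ /^[0-7]+$/) next    # not an entry this parser understands
            n = length(mode)
            grp = (n >= 2) ? substr(mode, n - 1, 1) : "0"
            oth = substr(mode, n, 1)
            if (grp != "0" || oth != "0") print mode, $1
        }
    ' "$1"
}

# Constructed sample config: two lines in the style of the report's diff
# context plus one hypothetical entry that carries an owner:group field.
sample_conf() {
    cat <<'EOF'
# logfilename          [owner:group]    mode count size when  flags
/var/log/daily.log			640  7	   *	@T00  Z
/var/log/console.log			640  5     100	*     Z
/var/log/example-private.log	root:wheel	600  7	   *	*     Z
EOF
}

# Demo on the constructed sample; pass a real path to the function instead
# to audit an actual /etc/newsyslog.conf.
demo_conf=$(mktemp)
sample_conf > "$demo_conf"
audit_newsyslog_modes "$demo_conf"
rm -f "$demo_conf"
```

An entry listed here is readable by the file's group (wheel in the report's scenario) after rotation; the patched 600 line produces no output.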
