Date: Fri, 12 Sep 2008 18:02:37 -0400 From: Greg Larkin <glarkin@FreeBSD.org> To: Marco Beishuizen <mbeis@xs4all.nl> Cc: freebsd-questions@freebsd.org Subject: Re: logcheck doesn't work anymore Message-ID: <48CAE6FD.4020001@FreeBSD.org> In-Reply-To: <20080912183357.49250e47@yokozuna.lan> References: <20080908222921.4daba36a@yokozuna.lan> <48C59453.3090604@FreeBSD.org> <20080912183357.49250e47@yokozuna.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marco Beishuizen wrote: > On Mon, 08 Sep 2008 17:08:35 -0400 > Greg Larkin <glarkin@freebsd.org> wrote: > >> Hi Marco, >> >> I recently committed the upgrade to logcheck, and I am looking into >> your problem now. I'll post back here with details once I've figured >> it out. >> >> Regards, >> Greg >> - -- >> Greg Larkin > > I discovered that when I change the permissions of the log files to 644 > it seems to work. But it seems to me that it isn't very safe to make > log files readable to everybody. > > Regards, > Marco > Hi Marco, Right you are! In fact, after my initial logcheck commit, someone opened a PR stating something very similar to what you noted: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/127255 The submitter's point is that the logcheck user should not be part of the wheel group, since that also confers the ability to su to root and read many files that should be private. A patch has been committed very recently to remove the logcheck user from the wheel group and change the verbiage in pkg-message: http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/logcheck/files/pkg-install.in.diff?r1=1.1;r2=1.2 http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/logcheck/files/pkg-message.in.diff?r1=1.1;r2=1.2 Any file that needs to be analyzed by logcheck will now have to be readable by the logcheck group instead of the wheel group. Best regards, Greg - -- Greg Larkin http://www.FreeBSD.org/ - The Power To Serve http://www.sourcehosting.net/ - Ready. Set. Code. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIyub90sRouByUApARAsqbAJ9WY6gfIcWf7pu7vX2LPo2ro17cGwCghMB1 gUZqvO7WiRm/ycUUthd4CEw= =DAqK -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48CAE6FD.4020001>