From owner-freebsd-security@FreeBSD.ORG Tue Apr 1 08:12:41 2003
Date: Tue, 1 Apr 2003 20:11:43 +0400
From: Yar Tikhiy
To: security@freebsd.org
Message-ID: <20030401161142.GA19845@comp.chem.msu.su>
Subject: LOG_AUTHPRIV and the default syslog.conf
List-Id: Security issues [members-only posting]

Hello,

Some time ago I wrote PR conf/48170, which discussed the following problem:

Syslog messages of facility LOG_AUTHPRIV and priority LOG_NOTICE (or higher) are sent by default to the world-readable log file /var/log/messages. That seems unacceptable since the facility LOG_AUTHPRIV is for hiding sensitive log messages inside a protected file, e.g., /var/log/auth.log.

For example, login(1) and ftpd(8) send messages about invalid login attempts to LOG_AUTHPRIV|LOG_NOTICE, which makes sense because:

a) a username attempted may happen to be a password typed at a wrong prompt;
b) an invalid login attempt is a thing to notice, so LOG_NOTICE is justified.

The following patch was proposed:

Index: syslog.conf
===================================================================
RCS file: /home/ncvs/src/etc/syslog.conf,v
retrieving revision 1.23
diff -u -r1.23 syslog.conf
--- syslog.conf 21 Sep 2002 12:07:35 -0000 1.23
+++ syslog.conf 11 Feb 2003 11:39:55 -0000
@@ -6,7 +6,7 @@ # may want to use only tabs as field separators here. # Consult the syslog.conf(5) manpage. *.err;kern.debug;auth.notice;mail.crit /dev/console -*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages +*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages security.* /var/log/security auth.info;authpriv.info /var/log/auth.log mail.info /var/log/maillog =================================================================== Since my PR has received no feedback, I'd like to discuss the above problem here before committing my patch. Have I overlooked any complications? -- Yar
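Review bot: the new `authpriv.none` selector on the /var/log/messages line only works because it comes after `*.notice` (a later selector overrides an earlier one for the same facility), and nothing in the surrounding comment block says so, so a later reordering of the selectors would silently re-enable the leak; add a short comment above the line such as `# authpriv.none keeps sensitive auth messages out of the world-readable messages file; they still go to /var/log/auth.log`. The hunk also leaves `*.err` on the /dev/console line untouched, so authpriv messages at err and above still reach the console, which is worth stating explicitly if that is intended.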
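To check what the selector change actually does, here is an added Python simulation of syslog.conf(5) selector matching, not code from the PR or from syslogd, run over constructed copies of the lines in the hunk. It assumes only plain facility.level selectors, `*` and the `none` level, with later selectors on a line overriding earlier ones for the same facility.

```python
import re

# Priority order from syslog(3); a selector level matches that level and up.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Constructed copies of the relevant syslog.conf lines, before and after the patch.
BEFORE = """\
*.err;kern.debug;auth.notice;mail.crit\t/dev/console
*.notice;kern.debug;lpr.info;mail.crit;news.err\t/var/log/messages
security.*\t/var/log/security
auth.info;authpriv.info\t/var/log/auth.log
mail.info\t/var/log/maillog
"""
AFTER = BEFORE.replace("*.notice;kern.debug", "*.notice;authpriv.none;kern.debug")


def parse_conf(text):
    """Parse into [(facility -> minimum priority index, or None for 'none'), action].

    Assumed subset of syslog.conf(5): facility.level, '*' as facility or level,
    and 'none'; a later selector on the line overrides an earlier one for the
    same facility, so '*.notice;authpriv.none' excludes authpriv.
    """
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = re.split(r"\s+", line, maxsplit=1)
        table = {}
        for sel in selectors.split(";"):
            facilities, level = sel.split(".")
            min_pri = None if level == "none" else (0 if level == "*" else PRIORITIES.index(level))
            for fac in facilities.split(","):
                table[fac] = min_pri
        rules.append((table, action))
    return rules


def route(rules, facility, priority):
    """Return the actions that receive a message of this facility and priority."""
    pri = PRIORITIES.index(priority)
    hits = []
    for table, action in rules:
        # An explicit entry for the facility wins over the '*' wildcard.
        min_pri = table.get(facility, table.get("*"))
        if min_pri is not None and pri >= min_pri:
            hits.append(action)
    return hits
```

With BEFORE, `route(parse_conf(BEFORE), "authpriv", "notice")` returns both /var/log/messages and /var/log/auth.log; with AFTER only /var/log/auth.log remains, while authpriv messages at err and above still reach /dev/console through `*.err`.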