Date: Tue, 28 Jul 1998 13:41:43 -0400
From: Garance A Drosihn <drosih@rpi.edu>
To: security@FreeBSD.ORG
Subject: Re: files in /var/log
Message-ID: <v04011702b1e3bc7140d8@[128.113.24.47]>
In-Reply-To: <199807272209.SAA14388@brain.zeus.leitch.com>
References: Jan B. Koum 's message of "Mon, July 27, 1998 11:30:30 -0700" regarding "Re: files in /var/log " id <Pine.BSF.3.96.980727112528.29202C-100000@shell6.ba.best.com> <24385.901543204@iafrica.com> <Pine.BSF.3.96.980727112528.29202C-100000@shell6.ba.best.com>

At 6:09 PM -0400 7/27/98, Greg A. Woods wrote:
>[ On Mon, July 27, 1998 at 11:30:30 (-0700), Jan B. Koum wrote: ]
>> Subject: Re: files in /var/log
>>
>> There are many reasons. With /var/log/maillog it is privacy
>> issues: do you really want everyone on your system to know you sent mail
>> to sales@class-sex-toys.com or that you are exchanging mail with your
>> competitor.
>
> Some of the other BSDs do ship with /var/log/mail at mode 640.
>
> However on my own machines the mailer logs are a matter of public
> record and available for all to see.
>
> Local policy should dictate and so far as I'm concerned the default
> should be more open than not.

I imagine everyone agrees that local policy would dictate the settings; the question is what the default settings should be.

If the local policy is that the files should be permitted, then what's the worst thing that happens if the default settings are to not-permit them? Some user complains, and someone with root access takes a minute to permit the files.

However, if local policy is that the files should not be readable by "all", and the default is that they are readable by all, then the worst that can happen might be a bit more problematic. Some user may get information about another user which they really don't have the right to have.

I would not suggest that you change your local policy, but I think it's reasonable to default to 640 permissions for some of these log files.

---
Garance Alistair Drosehn = gad@eclipse.its.rpi.edu
Senior Systems Programmer or drosih@rpi.edu
Rensselaer Polytechnic Institute

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
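
An added example, not part of the original message or of FreeBSD: a POSIX shell audit for the default discussed above, which lists log files readable by all users and tightens only those to mode 640. The function names and the temporary sample directory are constructed for illustration; on a real system the directory argument would be /var/log and the commands would run as root.

```shell
#!/bin/sh
# Added example; function names and sample files are constructed.

# list_world_readable DIR: print every regular file under DIR that
# users outside the owner and group ("other") can read.
list_world_readable() {
    find "$1" -type f -perm -004 -print
}

# count_world_readable DIR: how many such files exist.
count_world_readable() {
    list_world_readable "$1" | wc -l | tr -d ' '
}

# tighten_logs DIR: set each world-readable file to 640
# (owner read/write, group read, nothing for other).
# Files that are already stricter, such as 600, do not match and stay as-is.
tighten_logs() {
    find "$1" -type f -perm -004 -exec chmod 640 {} +
}

# mode_string FILE: permission string as shown by ls, e.g. "-rw-r-----".
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# demo: build a constructed log directory, audit it, tighten it, audit again.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/maillog";  chmod 644 "$d/maillog"    # open default
    : > "$d/messages"; chmod 644 "$d/messages"   # open default
    : > "$d/secure";   chmod 600 "$d/secure"     # already strict
    echo "before: $(count_world_readable "$d") world-readable file(s)"
    list_world_readable "$d"
    tighten_logs "$d"
    echo "after:  $(count_world_readable "$d") world-readable file(s)"
    for f in maillog messages secure; do
        echo "$(mode_string "$d/$f") $f"
    done
    rm -rf "$d"
}

demo
```

Run `list_world_readable` on its own first to review what would change before calling `tighten_logs`.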