From owner-freebsd-bugs Tue Feb 11 4:10:14 2003
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 98AF637B401 for ; Tue, 11 Feb 2003 04:10:12 -0800 (PST)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id A144043F93 for ; Tue, 11 Feb 2003 04:10:11 -0800 (PST) (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id h1BCABNS079791 for ; Tue, 11 Feb 2003 04:10:11 -0800 (PST) (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id h1BCABCi079790; Tue, 11 Feb 2003 04:10:11 -0800 (PST)
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9D90537B401 for ; Tue, 11 Feb 2003 04:07:10 -0800 (PST)
Received: from stylish.chem.msu.su (stylish.chem.msu.su [158.250.32.111]) by mx1.FreeBSD.org (Postfix) with ESMTP id EE9D343FAF for ; Tue, 11 Feb 2003 04:07:08 -0800 (PST) (envelope-from yar@stylish.chem.msu.su)
Received: from stylish.chem.msu.su (localhost [127.0.0.1]) by stylish.chem.msu.su (8.12.6/8.12.6) with ESMTP id h1BC69Mj026644 for ; Tue, 11 Feb 2003 15:06:09 +0300 (MSK) (envelope-from yar@stylish.chem.msu.su)
Received: (from yar@localhost) by stylish.chem.msu.su (8.12.6/8.12.6/Submit) id h1BC69U7026643; Tue, 11 Feb 2003 15:06:09 +0300 (MSK)
Message-Id: <200302111206.h1BC69U7026643@stylish.chem.msu.su>
Date: Tue, 11 Feb 2003 15:06:09 +0300 (MSK)
From: Yar Tikhiy
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: conf/48170: LOG_AUTHPRIV messages disclosed due to default syslog.conf
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>Number: 48170
>Category: conf
>Synopsis: LOG_AUTHPRIV messages disclosed due to default syslog.conf
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Feb 11 04:10:10 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Yar Tikhiy
>Release: FreeBSD 5.0-RELEASE i386
>Organization: Moscow State University
>Environment:
This problem exists in both STABLE and CURRENT.
>Description:
The syslog(3) facility LOG_AUTHPRIV is intended to hide log messages that should not be seen by ordinary users by sending such messages to a separate, protected log file. For instance, login(1) drops two messages per invalid login attempt, one to LOG_AUTH and the other to LOG_AUTHPRIV. The latter includes the username attempted, which may happen to be a password typed at the wrong prompt, so nobody but the sysadmins should see it.

At the same time, default syslog.conf(5) sends *.notice to /var/log/messages, while LOG_NOTICE is the level used for messages about invalid authentication (since LOG_INFO is for normal operation, e.g., successful logins). That's why really sensitive messages sent to LOG_AUTHPRIV appear visible to everyone in the system.
>How-To-Repeat:
(Mis)type your password at the "login:" prompt. See it world-readable in /var/log/messages.
>Fix: Index: syslog.conf =================================================================== RCS file: /home/ncvs/src/etc/syslog.conf,v retrieving revision 1.23 diff -u -r1.23 syslog.conf --- syslog.conf 21 Sep 2002 12:07:35 -0000 1.23 +++ syslog.conf 11 Feb 2003 11:39:55 -0000 @@ -6,7 +6,7 @@ # may want to use only tabs as field separators here. # Consult the syslog.conf(5) manpage. *.err;kern.debug;auth.notice;mail.crit /dev/console -*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages +*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages security.* /var/log/security auth.info;authpriv.info /var/log/auth.log mail.info /var/log/maillog >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
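Review bot: the /dev/console selector in the first context line still begins with `*.err`, which matches authpriv messages at err and above, so the exclusion added for /var/log/messages does not cover that destination; consider adding `authpriv.none` there as well, or state why console output is acceptable. On the changed line, `authpriv.none` comes after `*.notice`, which is the order syslog.conf(5) needs for the exclusion to take effect; a one-line comment above it saying that authpriv is kept out of this file on purpose would keep a later edit from dropping or reordering it.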
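The selector behaviour the report describes, as an added example that is not part of the original PR or of FreeBSD's code: a simplified model of syslog.conf(5) matching, run over the configuration lines shown in the diff. It assumes only `facility.level`, `*` and `none` selectors (no comparison operators, no program or host blocks); `selector_matches` and `destinations` are hypothetical names.

```python
# Added example: simplified syslog.conf(5) selector matching (assumptions above).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Configuration lines as they appear in the report's diff, before the fix.
BEFORE = """\
*.err;kern.debug;auth.notice;mail.crit\t\t/dev/console
*.notice;kern.debug;lpr.info;mail.crit;news.err\t/var/log/messages
security.*\t\t\t\t\t/var/log/security
auth.info;authpriv.info\t\t\t\t/var/log/auth.log
mail.info\t\t\t\t\t/var/log/maillog
"""
AFTER = BEFORE.replace("*.notice;kern", "*.notice;authpriv.none;kern")


def selector_matches(selectors, facility, level):
    """Apply ';'-separated selectors left to right; later ones override."""
    threshold = None  # None: this line does not log the facility
    for sel in selectors.split(";"):
        facs, _, lvl = sel.rpartition(".")
        names = facs.split(",")
        if "*" not in names and facility not in names:
            continue
        if lvl == "none":
            threshold = None
        elif lvl == "*":
            threshold = len(LEVELS) - 1
        else:
            threshold = LEVELS.index(lvl)
    # Lower index is more severe; a message matches at or above the threshold.
    return threshold is not None and LEVELS.index(level) <= threshold


def destinations(conf, facility, level):
    """Return the actions that would receive a (facility, level) message."""
    out = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = line.split(None, 1)
        if selector_matches(selectors, facility, level):
            out.append(action)
    return out


if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, destinations(conf, "authpriv", "notice"))
```

Run against a local syslog.conf, the same function can be used to list every destination that still receives `authpriv` at a given level and to check each file's permissions.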