From owner-freebsd-bugs Fri Feb 23 15:20: 9 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 6065E37B4EC
	for ; Fri, 23 Feb 2001 15:20:01 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f1NNK1T84347;
	Fri, 23 Feb 2001 15:20:01 -0800 (PST)
	(envelope-from gnats)
Received: from mgate08.so-net.ne.jp (mgate08.so-net.ne.jp [210.139.254.155])
	by hub.freebsd.org (Postfix) with ESMTP id 2E8F937B401
	for ; Fri, 23 Feb 2001 15:19:24 -0800 (PST)
	(envelope-from ipfw@ya3.so-net.ne.jp)
Received: from mail.ya3.so-net.ne.jp (mspool11.so-net.ne.jp [210.139.248.11])
	by mgate08.so-net.ne.jp (8.8.8+3.0Wbeta9/3.6W01022316) with ESMTP id IAA03855
	for ; Sat, 24 Feb 2001 08:19:22 +0900 (JST)
Received: from localhost (p78a3bd.kngwnt01.ap.so-net.ne.jp [61.120.163.189])
	by mail.ya3.so-net.ne.jp (8.9.3/3.7W01022316) with ESMTP id IAA20348
	for ; Sat, 24 Feb 2001 08:19:21 +0900 (JST)
Message-Id: <20010224082444P.ipfw@ya3.so-net.ne.jp>
Date: Sat, 24 Feb 2001 08:24:44 +0900
From: Yoshihiro Koya
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: bin/25329: Deprecated permission of /var/log/console.log
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         25329
>Category:       bin
>Synopsis:       The current default permission of /var/log/console.log is deprecated
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Feb 23 15:20:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Yoshihiro Koya
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
Yokohama City Univ. Dept. of Math. Sci.
>Environment:
System: FreeBSD current.my.domain 5.0-CURRENT FreeBSD 5.0-CURRENT #1: Sun Feb 18 22:47:43 JST 2001 root@current.my.domain:/usr/obj/usr/src/sys/current i386

Also on 4-stable as of Feb 23

>Description:
The default permission assumed in /etc/newsyslog.conf of
/var/log/console.log is 640. But mode 600 is more secure than the current
default permission. Actually, those of /var/log/mount.{today,yesterday}
or /var/log/setuid.{today,yesterday} are also 600.

The reason why this permission is deprecated is as follows:

	# su -l
	(become root)
	# shutdown now
	(go into the single user mode)
	# /bin/cat /etc/master.passwd
	(the contents of /etc/master.passwd are here)
	# exit
	(go into the multi user mode again)

	(after logging in as a usual user belonging to wheel)
	% cat /var/log/console.log
	(you may find the contents of /etc/master.passwd)

Everything done by root during the single user mode can be viewed
via /var/log/console.log.

>How-To-Repeat:
>Fix:
At least, the following modification seems to be required.

--- newsyslog.conf.orig Sat Feb 24 08:16:58 2001 +++ newsyslog.conf Sat Feb 24 08:18:53 2001
@@ -17,4 +17,4 @@ /var/log/daily.log 640 7 * @T00 Z /var/log/weekly.log 640 5 1 $W6D0 Z /var/log/monthly.log 640 12 * $M1D0 Z -/var/log/console.log 640 5 100 * Z +/var/log/console.log 600 5 100 * Z >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
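
Review bot: On the changed /var/log/console.log line, the new mode 600 is only applied to files newsyslog creates at rotation, so an already existing console.log keeps mode 640 (and stays readable by its group) until it next reaches the size field of 100 and is rotated. The fix should also mention a one-time chmod 600 /var/log/console.log on installed systems, and say whether the rotated archives left by the old 640 entry need the same treatment. The entry carries no owner:group field, so it would also help to state which group the report expects the file to have had when it was readable by wheel members.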
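
An added example, not part of the original report or of FreeBSD's own tools: two sh functions that list newsyslog.conf entries whose mode grants group or other access, and check whether a log file on disk is still readable beyond its owner regardless of what the configuration says. The sample configuration, the /var/log/example.log entry and the temporary paths are constructed for illustration.

```sh
#!/bin/sh
# Assumed entry layout: logfilename [owner:group] mode count size when [flags]

# Print "path mode" for every entry whose configured mode grants any
# group or other permission bit (i.e. does not end in "00").
loose_conf_modes() {
    awk '
        /^[ \t]*#/ { next }                     # comment line
        NF == 0    { next }                     # blank line
        {
            mode = $2
            if (mode !~ /^[0-7]+$/) mode = $3   # optional owner:group field present
            if (mode !~ /^[0-7]+$/) next        # not an entry we understand
            if (substr(mode, length(mode) - 1) != "00") print $1, mode
        }
    ' "$1"
}

# Print the path if the file exists and its on-disk mode grants any group
# or other permission. Editing the configured mode does not change a file
# that already exists, so this is checked separately.
loose_on_disk() {
    [ -e "$1" ] || return 0
    perms=$(ls -ld "$1" | cut -c5-10)           # group and other rwx columns
    [ "$perms" = "------" ] || echo "$1"
}

# Constructed sample: console.log as it reads after the proposed fix, one
# unchanged entry from the report, and one made-up entry with owner:group.
demo=$(mktemp -d)
cat > "$demo/newsyslog.conf" <<'EOF'
# logfilename          [owner:group]  mode count size when  flags
/var/log/daily.log                    640  7     *    @T00  Z
/var/log/console.log                  600  5     100  *     Z

/var/log/example.log   root:wheel     640  5     100  *     Z
EOF

# Stand-in for a console.log created before the configuration was changed.
touch "$demo/console.log"
chmod 640 "$demo/console.log"

echo "entries configured with group/other access:"
loose_conf_modes "$demo/newsyslog.conf"
echo "files still loose on disk:"
loose_on_disk "$demo/console.log"
```

On a real system the functions would be pointed at /etc/newsyslog.conf and at each log path it names.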