[Logcheck-devel] Bug#252784: logcheck: /etc/logcheck/* should be world-readable
Justin B Rye
jbr at edlug.org.uk
Sat Jun 5 01:11:41 UTC 2004
Package: logcheck
Version: 1.2.20a
Severity: normal
Tags: patch
The archived logcheck-database bug #209048:
"logcheck directories should be readable by group adm"
claims to have been resolved; if you want to revive that one and
merge this with it, go ahead, but note the more ambitious subject.
The chgrp/chmod commands in logcheck.postinst currently set badly
incoherent permissions: on the one hand, the files in /etc/logcheck
are world-readable; on the other hand, the subdirectories are all
"750 root:logcheck", so a mere adm-group member can't so much as
list the rules files.
Unreadability is pointless in files anyone can download copies of.
And once that's fixed, the logcheck-group ownership is redundant.
So what they really ought to be is something like "755 root:root".
Suggested patch (against the logcheck-1.2.21 version) attached.
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing'), (50, 'unstable')
Architecture: i386 (i586)
Kernel: Linux 2.6.6
Locale: LANG=en_GB, LC_CTYPE=en_GB
Versions of packages logcheck depends on:
ii adduser 3.53 Add and remove users and groups
ii cron 3.0pl1-83 management of regular background p
ii debconf [debconf 1.4.25 Debian configuration management sy
ii debianutils 2.8.2 Miscellaneous utilities specific t
ii exim4 4.32-2 An MTA (Mail Transport Agent)
ii exim4-daemon-lig 4.32-2 Lightweight version of the Exim (v
ii lockfile-progs 0.1.10 Programs for locking and unlocking
ii logcheck-databas 1.2.20a A database of system log rules for
ii logtail 1.2.20a Returns parts of logfiles that hav
ii mailx 1:8.1.2-0.20031014cvs-2 A simple mail user agent
ii sysklogd [system 1.4.1-10 System Logging Daemon
-- debconf information:
logcheck/changes:
* logcheck/install-note:
--
JBR
Ankh kak! (Ancient Egyptian blessing)
-------------- next part --------------
--- logcheck.postinst.old 2004-06-05 01:29:21.000000000 +0100
+++ logcheck.postinst.new 2004-06-05 01:34:59.000000000 +0100
@@ -45,15 +45,9 @@
chown -R logcheck:logcheck /var/lib/logcheck || true
chown -R logcheck:logcheck /var/state/logcheck > /dev/null 2>&1 \
|| true
- chgrp -R logcheck /etc/logcheck || true
- chmod 750 /etc/logcheck/ignore.d.paranoid || true
- chmod 750 /etc/logcheck/ignore.d.workstation || true
- chmod 750 /etc/logcheck/ignore.d.server || true
- chmod 750 /etc/logcheck/cracking.d || true
- chmod 750 /etc/logcheck/cracking.ignore.d || true
- chmod 750 /etc/logcheck/violations.d || true
- chmod 750 /etc/logcheck/violations.ignore.d || true
- chmod -R g+rX /etc/logcheck || true
+ chown -R root:root /etc/logcheck || true
+ chmod -R +r /etc/logcheck || true
+ chmod +x /etc/logcheck/*.d* || true
# just in case
chown logcheck /var/lock/logcheck > /dev/null 2>&1 || true
fi
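Review bot: In the three added lines, `chmod -R +r` has no "who" part, so the bits it sets are filtered through the umask, and the `*.d*` glob in `chmod +x /etc/logcheck/*.d*` also matches regular files with `.d` in their name (for example a `.dpkg-old` leftover) while never touching /etc/logcheck itself. A single `chmod -R a+rX /etc/logcheck || true`, mirroring the removed `g+rX` line, would set read permission everywhere and search permission only on directories, independent of the umask. Note also that the recursive `chown -R root:root` and `chmod -R` reset any tighter ownership or mode a local admin has deliberately put on individual files under /etc/logcheck each time this branch of the postinst runs; a comment saying that this is intended, or restricting the change to the directories named in the removed lines, would make that explicit.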