[Logcheck-devel] Bug#252784: marked as done (logcheck: /etc/logcheck/* should be world-readable)

Debian Bug Tracking System owner at bugs.debian.org
Sat Jun 12 10:48:12 UTC 2004


Your message dated Sat, 12 Jun 2004 12:41:29 +0200
with message-id <20040612104129.GE1635 at sputnik.stro.at>
and subject line Bug#252784: [Logcheck-devel] Bug#252784: logcheck: /etc/logcheck/* should be world-readable
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 5 Jun 2004 01:11:25 +0000
>From bts at xibalba.demon.co.uk Fri Jun 04 18:11:25 2004
Return-path: <bts at xibalba.demon.co.uk>
Received: from anchor-post-36.mail.demon.net (anchor-post-37.mail.demon.net) [194.217.242.86] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BWPiW-0000oz-00; Fri, 04 Jun 2004 18:11:25 -0700
Received: from xibalba.demon.co.uk ([80.176.227.229])
	by anchor-post-37.mail.demon.net with esmtp (Exim 3.35 #1)
	id 1BWPiV-00014R-0b
	for submit at bugs.debian.org; Sat, 05 Jun 2004 02:11:23 +0100
Date: Sat, 5 Jun 2004 02:11:41 +0100
From: Justin B Rye <jbr at edlug.org.uk>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: logcheck: /etc/logcheck/* should be world-readable
Message-ID: <20040605011141.GA20977 at xibalba.demon.co.uk>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="45Z9DzgjV8m4Oswq"
Content-Disposition: inline
X-Reportbug-Version: 2.60
User-Agent: Mutt/1.5.5.1+cvs20040105i
Sender: Spambuffer <bts at xibalba.demon.co.uk>
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-5.0 required=4.0 tests=BAYES_00,DRUGSPAM,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 


--45Z9DzgjV8m4Oswq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Package: logcheck
Version: 1.2.20a
Severity: normal
Tags: patch

The archived logcheck-database bug #209048:
"logcheck directories should be readable by group adm"
claims to have been resolved; if you want to revive that one and
merge this with it, go ahead, but note the more ambitious subject.

The chgrp/chmod commands in logcheck.postinst currently set badly
incoherent permissions: on the one hand, the files in /etc/logcheck
are world-readable; on the other hand, the subdirectories are all
"750 root:logcheck", so a mere adm-group member can't so much as
list the rules files. 

Unreadability is pointless in files anyone can download copies of.
And once that's fixed, the logcheck-group ownership is redundant.
So what they really ought to be is something like "755 root:root".
Suggested patch (against the logcheck-1.2.21 version) attached.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing'), (50, 'unstable')
Architecture: i386 (i586)
Kernel: Linux 2.6.6
Locale: LANG=en_GB, LC_CTYPE=en_GB

Versions of packages logcheck depends on:
ii  adduser          3.53                    Add and remove users and groups
ii  cron             3.0pl1-83               management of regular background p
ii  debconf [debconf 1.4.25                  Debian configuration management sy
ii  debianutils      2.8.2                   Miscellaneous utilities specific t
ii  exim4            4.32-2                  An MTA (Mail Transport Agent)
ii  exim4-daemon-lig 4.32-2                  Lightweight version of the Exim (v
ii  lockfile-progs   0.1.10                  Programs for locking and unlocking
ii  logcheck-databas 1.2.20a                 A database of system log rules for
ii  logtail          1.2.20a                 Returns parts of logfiles that hav
ii  mailx            1:8.1.2-0.20031014cvs-2 A simple mail user agent
ii  sysklogd [system 1.4.1-10                System Logging Daemon

-- debconf information:
  logcheck/changes: 
* logcheck/install-note: 

-- 
JBR
Ankh kak! (Ancient Egyptian blessing)

--45Z9DzgjV8m4Oswq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="logcheck.postinst.patch"

--- logcheck.postinst.old	2004-06-05 01:29:21.000000000 +0100
+++ logcheck.postinst.new	2004-06-05 01:34:59.000000000 +0100
@@ -45,15 +45,9 @@
     	  chown -R logcheck:logcheck /var/lib/logcheck  || true
           chown -R logcheck:logcheck /var/state/logcheck > /dev/null 2>&1 \
 	      || true
-          chgrp -R logcheck /etc/logcheck || true
-          chmod 750 /etc/logcheck/ignore.d.paranoid || true
-          chmod 750 /etc/logcheck/ignore.d.workstation || true
-          chmod 750 /etc/logcheck/ignore.d.server || true
-          chmod 750 /etc/logcheck/cracking.d || true
-          chmod 750 /etc/logcheck/cracking.ignore.d || true
-          chmod 750 /etc/logcheck/violations.d || true
-          chmod 750 /etc/logcheck/violations.ignore.d || true
-    	  chmod -R g+rX /etc/logcheck || true
+          chown -R root:root /etc/logcheck || true
+          chmod -R +r /etc/logcheck || true
+          chmod +x /etc/logcheck/*.d* || true
           # just in case
           chown logcheck /var/lock/logcheck > /dev/null 2>&1 || true
 	fi

--45Z9DzgjV8m4Oswq--

---------------------------------------
Received: (at 252784-done) by bugs.debian.org; 12 Jun 2004 10:41:40 +0000
>From max at stro.at Sat Jun 12 03:41:40 2004
Return-path: <max at stro.at>
Received: from baikonur.stro.at [213.239.196.228] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BZ5xE-0005BI-00; Sat, 12 Jun 2004 03:41:40 -0700
Received: from localhost (localhost [127.0.0.1])
	by baikonur.stro.at (Postfix) with ESMTP id 6C5035C08C
	for <252784-done at bugs.debian.org>; Sat, 12 Jun 2004 12:41:39 +0200 (CEST)
Received: from baikonur.stro.at ([127.0.0.1])
	by localhost (baikonur [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 26807-05 for <252784-done at bugs.debian.org>;
	Sat, 12 Jun 2004 12:41:20 +0200 (CEST)
Received: from sputnik (unknown [62.47.128.156])
	by baikonur.stro.at (Postfix) with ESMTP id 25CB65C049
	for <252784-done at bugs.debian.org>; Sat, 12 Jun 2004 12:41:20 +0200 (CEST)
Received: from max by sputnik with local (Exim 4.32)
	id 1BZ5x3-0002Cs-Sk
	for 252784-done at bugs.debian.org; Sat, 12 Jun 2004 12:41:29 +0200
Date: Sat, 12 Jun 2004 12:41:29 +0200
From: maks attems <debian at sternwelten.at>
To: 252784-done at bugs.debian.org
Subject: Re: Bug#252784: [Logcheck-devel] Bug#252784: logcheck: /etc/logcheck/* should be world-readable
Message-ID: <20040612104129.GE1635 at sputnik.stro.at>
References: <20040605011141.GA20977 at xibalba.demon.co.uk> <20040605171459.GA4230 at sputnik.stro.at>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="hxkXGo8AKqTJ+9QI"
Content-Disposition: inline
In-Reply-To: <20040605171459.GA4230 at sputnik.stro.at>
User-Agent: Mutt/1.5.5.1+cvs20040105i
Sender: maximilian attems <max at stro.at>
X-Virus-Scanned: by Amavis (ClamAV) at stro.at
Delivered-To: 252784-done at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 


--hxkXGo8AKqTJ+9QI
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


> On Sat, 05 Jun 2004, Justin B Rye wrote:

this bug is one week old and it's assumptions didn't stand,
no reply since. closing.
maks


--hxkXGo8AKqTJ+9QI
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAyt3Z6//kSTNjoX0RAgiuAKCCT1cNgEHrl4lf+K9/NSgRMtWqoACfebmA
ze49jauOpEcWrP5gJQIFWQU=
=BPqT
-----END PGP SIGNATURE-----

--hxkXGo8AKqTJ+9QI--




More information about the Logcheck-devel mailing list