[Logcheck-devel] Bug#252784: marked as done (logcheck: /etc/logcheck/* should be world-readable)
Debian Bug Tracking System
owner at bugs.debian.org
Sat Jun 12 10:48:12 UTC 2004
Your message dated Sat, 12 Jun 2004 12:41:29 +0200
with message-id <20040612104129.GE1635 at sputnik.stro.at>
and subject line Bug#252784: [Logcheck-devel] Bug#252784: logcheck: /etc/logcheck/* should be world-readable
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 5 Jun 2004 01:11:25 +0000
>From bts at xibalba.demon.co.uk Fri Jun 04 18:11:25 2004
Return-path: <bts at xibalba.demon.co.uk>
Received: from anchor-post-36.mail.demon.net (anchor-post-37.mail.demon.net) [194.217.242.86]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1BWPiW-0000oz-00; Fri, 04 Jun 2004 18:11:25 -0700
Received: from xibalba.demon.co.uk ([80.176.227.229])
by anchor-post-37.mail.demon.net with esmtp (Exim 3.35 #1)
id 1BWPiV-00014R-0b
for submit at bugs.debian.org; Sat, 05 Jun 2004 02:11:23 +0100
Date: Sat, 5 Jun 2004 02:11:41 +0100
From: Justin B Rye <jbr at edlug.org.uk>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: logcheck: /etc/logcheck/* should be world-readable
Message-ID: <20040605011141.GA20977 at xibalba.demon.co.uk>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="45Z9DzgjV8m4Oswq"
Content-Disposition: inline
X-Reportbug-Version: 2.60
User-Agent: Mutt/1.5.5.1+cvs20040105i
Sender: Spambuffer <bts at xibalba.demon.co.uk>
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-5.0 required=4.0 tests=BAYES_00,DRUGSPAM,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
--45Z9DzgjV8m4Oswq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Package: logcheck
Version: 1.2.20a
Severity: normal
Tags: patch
The archived logcheck-database bug #209048:
"logcheck directories should be readable by group adm"
claims to have been resolved; if you want to revive that one and
merge this with it, go ahead, but note the more ambitious subject.
The chgrp/chmod commands in logcheck.postinst currently set badly
incoherent permissions: on the one hand, the files in /etc/logcheck
are world-readable; on the other hand, the subdirectories are all
"750 root:logcheck", so a mere adm-group member can't so much as
list the rules files.
Unreadability is pointless in files anyone can download copies of.
And once that's fixed, the logcheck-group ownership is redundant.
So what they really ought to be is something like "755 root:root".
Suggested patch (against the logcheck-1.2.21 version) attached.
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing'), (50, 'unstable')
Architecture: i386 (i586)
Kernel: Linux 2.6.6
Locale: LANG=en_GB, LC_CTYPE=en_GB
Versions of packages logcheck depends on:
ii adduser 3.53 Add and remove users and groups
ii cron 3.0pl1-83 management of regular background p
ii debconf [debconf 1.4.25 Debian configuration management sy
ii debianutils 2.8.2 Miscellaneous utilities specific t
ii exim4 4.32-2 An MTA (Mail Transport Agent)
ii exim4-daemon-lig 4.32-2 Lightweight version of the Exim (v
ii lockfile-progs 0.1.10 Programs for locking and unlocking
ii logcheck-databas 1.2.20a A database of system log rules for
ii logtail 1.2.20a Returns parts of logfiles that hav
ii mailx 1:8.1.2-0.20031014cvs-2 A simple mail user agent
ii sysklogd [system 1.4.1-10 System Logging Daemon
-- debconf information:
logcheck/changes:
* logcheck/install-note:
--
JBR
Ankh kak! (Ancient Egyptian blessing)
--45Z9DzgjV8m4Oswq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="logcheck.postinst.patch"
--- logcheck.postinst.old 2004-06-05 01:29:21.000000000 +0100
+++ logcheck.postinst.new 2004-06-05 01:34:59.000000000 +0100
@@ -45,15 +45,9 @@
chown -R logcheck:logcheck /var/lib/logcheck || true
chown -R logcheck:logcheck /var/state/logcheck > /dev/null 2>&1 \
|| true
- chgrp -R logcheck /etc/logcheck || true
- chmod 750 /etc/logcheck/ignore.d.paranoid || true
- chmod 750 /etc/logcheck/ignore.d.workstation || true
- chmod 750 /etc/logcheck/ignore.d.server || true
- chmod 750 /etc/logcheck/cracking.d || true
- chmod 750 /etc/logcheck/cracking.ignore.d || true
- chmod 750 /etc/logcheck/violations.d || true
- chmod 750 /etc/logcheck/violations.ignore.d || true
- chmod -R g+rX /etc/logcheck || true
+ chown -R root:root /etc/logcheck || true
+ chmod -R +r /etc/logcheck || true
+ chmod +x /etc/logcheck/*.d* || true
# just in case
chown logcheck /var/lock/logcheck > /dev/null 2>&1 || true
fi
--45Z9DzgjV8m4Oswq--
---------------------------------------
Received: (at 252784-done) by bugs.debian.org; 12 Jun 2004 10:41:40 +0000
>From max at stro.at Sat Jun 12 03:41:40 2004
Return-path: <max at stro.at>
Received: from baikonur.stro.at [213.239.196.228]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1BZ5xE-0005BI-00; Sat, 12 Jun 2004 03:41:40 -0700
Received: from localhost (localhost [127.0.0.1])
by baikonur.stro.at (Postfix) with ESMTP id 6C5035C08C
for <252784-done at bugs.debian.org>; Sat, 12 Jun 2004 12:41:39 +0200 (CEST)
Received: from baikonur.stro.at ([127.0.0.1])
by localhost (baikonur [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 26807-05 for <252784-done at bugs.debian.org>;
Sat, 12 Jun 2004 12:41:20 +0200 (CEST)
Received: from sputnik (unknown [62.47.128.156])
by baikonur.stro.at (Postfix) with ESMTP id 25CB65C049
for <252784-done at bugs.debian.org>; Sat, 12 Jun 2004 12:41:20 +0200 (CEST)
Received: from max by sputnik with local (Exim 4.32)
id 1BZ5x3-0002Cs-Sk
for 252784-done at bugs.debian.org; Sat, 12 Jun 2004 12:41:29 +0200
Date: Sat, 12 Jun 2004 12:41:29 +0200
From: maks attems <debian at sternwelten.at>
To: 252784-done at bugs.debian.org
Subject: Re: Bug#252784: [Logcheck-devel] Bug#252784: logcheck: /etc/logcheck/* should be world-readable
Message-ID: <20040612104129.GE1635 at sputnik.stro.at>
References: <20040605011141.GA20977 at xibalba.demon.co.uk> <20040605171459.GA4230 at sputnik.stro.at>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="hxkXGo8AKqTJ+9QI"
Content-Disposition: inline
In-Reply-To: <20040605171459.GA4230 at sputnik.stro.at>
User-Agent: Mutt/1.5.5.1+cvs20040105i
Sender: maximilian attems <max at stro.at>
X-Virus-Scanned: by Amavis (ClamAV) at stro.at
Delivered-To: 252784-done at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
--hxkXGo8AKqTJ+9QI
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
> On Sat, 05 Jun 2004, Justin B Rye wrote:
this bug is one week old and it's assumptions didn't stand,
no reply since. closing.
maks
--hxkXGo8AKqTJ+9QI
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAyt3Z6//kSTNjoX0RAgiuAKCCT1cNgEHrl4lf+K9/NSgRMtWqoACfebmA
ze49jauOpEcWrP5gJQIFWQU=
=BPqT
-----END PGP SIGNATURE-----
--hxkXGo8AKqTJ+9QI--
More information about the Logcheck-devel
mailing list