[Logcheck-devel] Bug#481347: logcheck: Logcheck leaves world-readable dead.letter
rhonda at deb.at
Thu May 15 13:41:55 UTC 2008

reassign 481347 mailx
found 481347 1:8.1.2-0.20050715cvs-1

On Thu, May 15, 2008 at 03:39:19PM +0300, Stefanos Harhalakis wrote:
> Logcheck can leave a world readable dead.letter that contains parsed

The problem that it is world readable lies in the used tool mail,
coming from the mailx package. The information exposure problem is not
limited to logcheck here, it in fact is a more general problem residing
in mailx that it doesn't tighten the file permission of the dead.letter
file it creates.

I would be happy if this can get fixed. As the version of logcheck this
was reported about was the version from stable I am versioning this
against the stable version of mailx.

> Steps to reproduce:
> * Create a lot of logs that will not be filtered by logcheck. (very
> easy). 10MBytes should be enough. You have an hour to do so.
> * When logcheck runs it will produce a file of size X MBytes to be
> mailed to root
> * Most MTAs have a limit for the maximum message size. If it is exceeded
> and you're using sendmail, the mail will be saved in a file named dead.letter
> * For logcheck this is placed in: /var/lib/logcheck/dead.letter
> * Go read this file and get some logs that you should not see

Hope this can get fixed in a quick way.
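
An added example, not part of the original message and not code from logcheck or mailx: a shell audit an administrator could run until mailx is fixed, which finds world-readable dead.letter files, tightens them to owner-only, and runs a mail-sending job under a restrictive umask. The function names are hypothetical, /var/lib/logcheck is the path named in the report, and the umask wrapper assumes the mail program creates dead.letter with a default mode that is subject to the process umask.

```shell
#!/bin/sh
# Added example (constructed for this page), not logcheck or mailx code.
# Function names are hypothetical; the default directory is the one
# named in the bug report.

# Print every dead.letter under DIR that is readable by "other".
# -perm -004 matches files that have at least the other-read bit set.
find_exposed_dead_letters() {
    dir=${1:-/var/lib/logcheck}
    find "$dir" -type f -name dead.letter -perm -004 2>/dev/null
}

# Restrict each exposed dead.letter to its owner (mode 0600) and print
# the path of every file that was changed, for the audit trail.
tighten_dead_letters() {
    dir=${1:-/var/lib/logcheck}
    find "$dir" -type f -name dead.letter -perm -004 \
        -exec chmod 600 {} \; -print 2>/dev/null
}

# Run a command with umask 077 in a subshell, so files it creates with
# the default mode come out owner-only. ASSUMPTION: the mail program
# does not widen the mode itself after creating dead.letter.
run_private() {
    ( umask 077; "$@" )
}

# Typical use from a root shell or cron wrapper:
#   find_exposed_dead_letters /var/lib/logcheck
#   tighten_dead_letters /var/lib/logcheck
#   run_private <the job that sends the report mail>
```

The cleanup only covers files that already exist; a new dead.letter written after the check is exposed again unless the job that creates it runs under the restrictive umask.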