[Gllug] Default messages perm
Nix
nix at esperi.org.uk
Mon Jun 5 07:35:42 UTC 2006
On Sun, 4 Jun 2006, Bruce Richardson announced authoritatively:
> On Sun, Jun 04, 2006 at 01:04:38PM +0100, Nix wrote:
>>
>> Perhaps you don't care who can read those logfiles?
>>
>> Most non-security-critical logfiles on most machines I administer are
>> world-readable, simply for convenience's sake. If a nasty cracker's
>> reading some logfile would do no harm at all, why not make it world-
>> readable?
>
> Because if something sensitive ever did start appearing in those log
> files (perhaps an upgrade caused some syslog confusion) then you are
> exposed until you realise and you retrofit security.
In that case the upgrade is buggy. Security-critical stuff should land
in the LOG_AUTH facility (and in my experience invariably does).
> In most computing environments, only sysadmins or key developers need to
> see the logs, so restricting log visibility to an admin group is no big
> hardship.
Yes, this happens at my workplace. About once a week it gets in my way.
(Of *course* nobody considers changing the permissions. After all this
might let a *cracker* into our systems... our systems with dozens of
identical passwords all spottable by crack in seconds, and no shadow
passwords, *sigh*)
> If you are secure by default, it's actually easier to be flexible when
> necessary.
This is only true if your sysadmins are responsive :( it takes literally
*years* to get them to read their email at any of the places I've worked.
--
`Voting for any American political party is fundamentally
incomprehensible.' --- Vadik
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
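Added example, not part of the original post or thread: the argument above turns on which files actually receive the auth facilities, so this sketch parses classic `syslog.conf` selectors and flags any file that receives `auth` or `authpriv` and is readable by "other". The sample config, file modes and function names are constructed for illustration. It assumes plain `facility.priority` selectors with `none` exclusions and ignores the `=` and `!` priority modifiers.

```python
import os
import stat

SENSITIVE = ("auth", "authpriv")  # facilities treated as security-critical

# Constructed sample in classic syslog.conf syntax, with constructed file modes.
SAMPLE_CONF = """\
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
*.info;mail.none;authpriv.none  /var/log/messages
mail.*                          -/var/log/mail.log
"""
SAMPLE_MODES = {"/var/log/auth.log": 0o100640, "/var/log/syslog": 0o100644,
                "/var/log/messages": 0o100644, "/var/log/mail.log": 0o100644}

def receives(selectors, facility):
    """True if the selector list lets `facility` through (later selectors win)."""
    hit = False
    for sel in selectors.split(";"):
        facs, _, prio = sel.strip().rpartition(".")
        if facility in facs.split(",") or "*" in facs.split(","):
            hit = prio != "none"
    return hit

def sensitive_targets(conf_text):
    """Map each log file path to the SENSITIVE facilities routed to it."""
    targets = {}
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) != 2:
            continue
        selectors, action = parts[0], parts[1].strip().lstrip("-")
        if not action.startswith("/"):
            continue  # users, @remote hosts and |pipes are not files
        facs = [f for f in SENSITIVE if receives(selectors, f)]
        if facs:
            targets.setdefault(action, set()).update(facs)
    return targets

def audit(conf_text, modes=None):
    """Sorted (path, facilities) for auth-bearing logs that 'other' can read."""
    found = []
    for path, facs in sensitive_targets(conf_text).items():
        try:  # use the supplied mode table, else stat the real file
            mode = modes[path] if modes is not None else os.stat(path).st_mode
        except (KeyError, OSError):
            continue  # file not present, nothing to report
        if mode & stat.S_IROTH:
            found.append((path, sorted(facs)))
    return sorted(found)
```

On the sample, `audit(SAMPLE_CONF, SAMPLE_MODES)` reports `/var/log/messages`: excluding only `authpriv.none` still lets the separate `auth` facility into a world-readable file.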