-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marco Beishuizen wrote: > On Mon, 08 Sep 2008 17:08:35 -0400 > Greg Larkin <[EMAIL PROTECTED]> wrote: > >> Hi Marco, >> >> I recently committed the upgrade to logcheck, and I am looking into >> your problem now. I'll post back here with details once I've figured >> it out. >> >> Regards, >> Greg >> - -- >> Greg Larkin > > I discovered that when I change the permissions of the log files to 644 > it seems to work. But it seems to me that it isn't very safe to make > log files readable to everybody. > > Regards, > Marco >
Hi Marco, Right you are! In fact, after my initial logcheck commit, someone opened a PR stating something very similar to what you noted: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/127255 The submitter's point is that the logcheck user should not be part of the wheel group, since that also confers the ability to su to root and read many files that should be private. A patch has been committed very recently to remove the logcheck user from the wheel group and change the verbiage in pkg-message: http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/logcheck/files/pkg-install.in.diff?r1=1.1;r2=1.2 http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/logcheck/files/pkg-message.in.diff?r1=1.1;r2=1.2 Any file that needs to be analyzed by logcheck will now have to be readable by the logcheck group instead of the wheel group. Best regards, Greg - -- Greg Larkin http://www.FreeBSD.org/ - The Power To Serve http://www.sourcehosting.net/ - Ready. Set. Code. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIyub90sRouByUApARAsqbAJ9WY6gfIcWf7pu7vX2LPo2ro17cGwCghMB1 gUZqvO7WiRm/ycUUthd4CEw= =DAqK -----END PGP SIGNATURE----- _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"