On Wednesday 19 January 2005 00:51, Marius Mauch wrote: > On Wed, 19 Jan 2005 00:35:53 +0100 > > Alexander Mieland <[EMAIL PROTECTED]> wrote: > > Well, this *could* be one solution, but this *is* not a desirable > > solution for me. > > As I've said, there is absolutley no sense to restrict the access > > on /var/log/emerge.log in that hard way. > > It must be possible to build an application which can read the > > emerge.log without to be root or in the portage group. > > http://bugs.gentoo.org/show_bug.cgi?id=35237 > Seems that other people have different opinions on that.
It might be that other people has different opinions on that. But I think, it is not needed to restrict the access on /var/log/emerge.log in that way. There are absolutly no secure or unsafe information in the emerge.log. If someone is searching for an exploit or something else, he knows what he is searching for. And then he also can look into the *bin-directories for an application he is searching for and then he can run `application -(v|v|-version)` to get the version of this application. well, and the mergetimes are really not a secure information. So, give me one single reason, which makes really sense, why it should be restricted in that hard way. But *if* there is one single important reason why it should be only readen by root and the portage group, `uname` must also be restricted in that way and /var/db/pkg too, and all other hundred things too with which someone could find some secure information like package-versions, or whatever. > > Or on the other hand, qpkg should not be allowed then, to show the > > installed packages without to be in the portage group. And > > /var/db/pkg should also be restricted then, only to root:portage. > > correct. But qpkg will leave us in the near future anyway. well, this will only be one applikation less, which helps a bad person in finding out secure information without to be root or in the portage group. > Marius -- http://de.gentoo-wiki.com Alexander Mieland (aka dma147) http://www.gentoo-stats.org Registered Linux-User #249600 http://www.php-programs.de GnuGPG-ID: 209D65B5 http://www.affen-in-not.de www.php-programs.de/dma147.asc
pgpogEOsXVqop.pgp
Description: PGP signature
