Your message dated Sun, 16 Jan 2005 15:37:56 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#290803: login: /var/log/btmp is created with insecure permissions
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 16 Jan 2005 19:52:14 +0000
>From [EMAIL PROTECTED] Sun Jan 16 11:52:14 2005
Return-path: <[EMAIL PROTECTED]>
Received: from alpha.it.teithe.gr [195.251.240.232]
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CqGRa-0000o4-00; Sun, 16 Jan 2005 11:52:14 -0800
Received: from archimedes.it.teithe.gr (archimedes.it.teithe.gr [195.251.123.237])
	by alpha.it.teithe.gr (8.12.10/8.12.10) with ESMTP id j0GJq4AC005583;
	Sun, 16 Jan 2005 21:52:05 +0200 (EET)
Received: from archimedes.it.teithe.gr (localhost.localdomain [127.0.0.1])
	by archimedes.it.teithe.gr (8.13.2/8.13.2/Debian-1) with ESMTP id j0GJpiql020852;
	Sun, 16 Jan 2005 21:51:44 +0200
Received: (from [EMAIL PROTECTED])
	by archimedes.it.teithe.gr (8.13.2/8.13.2/Submit) id j0GJpiib020851;
	Sun, 16 Jan 2005 21:51:44 +0200
Message-Id: <[EMAIL PROTECTED]>
X-Authentication-Warning: archimedes.it.teithe.gr: v13 set sender to [EMAIL PROTECTED] using -f
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Stefanos Harhalakis <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: login: /var/log/btmp is created with insecure permissions
X-Mailer: reportbug 3.2
Date: Sun, 16 Jan 2005 21:51:44 +0200
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.8 required=4.0 tests=BAYES_00,FROM_ENDS_IN_NUMS,HAS_PACKAGE
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:

Package: login
Version: 1:4.0.3-30.7
Severity: critical
Tags: security
Justification: root security hole

It seems that /var/log/btmp is created as a world readable file. This is
insecure (and it is reported by 'tiger') because this file contains failed
logins, including unknown usernames. It is possible for a user to see the
root password (and others too) by running /usr/bin/lastb.

Tiger reports this as an error:

# Checking for existence of log files...
--FAIL-- [logf005f] Log file /var/log/btmp permission should be 660

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages login depends on:
ii  libc6           2.3.2.ds1-20  GNU C Library: Shared libraries an
ii  libpam-modules  0.76-22       Pluggable Authentication Modules f
ii  libpam-runtime  0.76-22       Runtime support for the PAM librar
ii  libpam0g        0.76-22       Pluggable Authentication Modules l

-- no debconf information

---------------------------------------
Received: (at 290803-done) by bugs.debian.org; 16 Jan 2005 20:38:02 +0000
>From [EMAIL PROTECTED] Sun Jan 16 12:38:02 2005
Return-path: <[EMAIL PROTECTED]>
Received: from stratton-four-forty-two.mit.edu (cz.mit.edu) [18.187.6.187]
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CqH9u-000161-00; Sun, 16 Jan 2005 12:38:02 -0800
Received: by cz.mit.edu (Postfix, from userid 8042)
	id 71FA7E0063; Sun, 16 Jan 2005 15:37:56 -0500 (EST)
To: Stefanos Harhalakis <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: Bug#290803: login: /var/log/btmp is created with insecure permissions
References: <[EMAIL PROTECTED]>
From: Sam Hartman <[EMAIL PROTECTED]>
Date: Sun, 16 Jan 2005 15:37:56 -0500
In-Reply-To: <[EMAIL PROTECTED]> (Stefanos Harhalakis's message of "Sun, 16 Jan 2005 21:51:44 +0200")
Message-ID: <[EMAIL PROTECTED]>
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:

>>>>> "Stefanos" == Stefanos Harhalakis <[EMAIL PROTECTED]> writes:

    Stefanos> It seems that /var/log/btmp is created as a world
    Stefanos> readable file. This is insecure (and it is reported by
    Stefanos> 'tiger') because this file contains failed logins,
    Stefanos> including unknown usernames. It is possible for a user
    Stefanos> to see the root password (and others too) by running
    Stefanos> /usr/bin/lastb.

Hmm, looks to me like unknown user names are logged as unknown.

UNKNOWN  Sun Jan 16 13:08 - 13:08  (00:00)
hartmans Sun Jan 16 13:07 - 13:07  (00:00)
hartmans Thu Jan 13 13:37 - 13:37  (00:00)
UNKNOWN  Sat Jan 8  17:03 - 17:03  (00:00)
UNKNOWN  Sat Jan 8  17:03 - 17:03  (00:00)
hartmans Sat Jan 8  17:02 - 17:02  (00:00)
UNKNOWN  Thu Jan 6  15:49 - 15:49  (00:00)
UNKNOWN  Thu Jan 6  15:49 - 15:49  (00:00)
UNKNOWN  Thu Jan 6  15:48 - 15:48  (00:00)
hartmans Thu Jan 6  11:03 - 11:03  (00:00)
hartmans Wed Jan 5  14:23 - 14:23  (00:00)
hartmans Tue Jan 4  11:50 - 11:50  (00:00)
UNKNOWN  Tue Dec 28 12:47 - 12:47  (00:00)
UNKNOWN  Tue Dec 28 12:47 - 12:47  (00:00)
UNKNOWN  Fri Dec 17 15:33 - 15:33  (00:00)
UNKNOWN  Fri Dec 17 15:33 - 15:33  (00:00)
UNKNOWN  Fri Dec 17 14:08 - 14:08  (00:00)
hartmans Fri Dec 17 12:16 - 12:16  (00:00)
UNKNOWN  Fri Dec 17 12:16 - 12:16  (00:00)
hartmans Fri Dec 17 12:15 - 12:15  (00:00)
UNKNOWN  Fri Dec 17 09:30 - 09:30  (00:00)
hartmans Fri Dec 17 05:40 - 05:40  (00:00)
hartmans Thu Dec 16 22:41 - 22:41  (00:00)
hartmans Thu Dec 16 11:03 - 11:03  (00:00)
UNKNOWN  Wed Dec 15 14:15 - 14:15  (00:00)
UNKNOWN  Wed Dec 15 14:15 - 14:15  (00:00)
hartmans Wed Dec 15 14:15 - 14:15  (00:00)
hartmans Wed Dec 15 12:01 - 12:01  (00:00)
hartmans Tue Dec 14 13:04 - 13:04  (00:00)
UNKNOWN  Sun Dec 12 09:22 - 09:22  (00:00)
hartmans Sun Dec 12 09:22 - 09:22  (00:00)
hartmans Fri Dec 10 13:05 - 13:05  (00:00)

btmp begins Fri Dec 10 13:05:24 2004

Tiger and cops and that line of tools are notorious for reporting things
as errors that simply are not.

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
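The disagreement in the thread is over whether a world-readable /var/log/btmp matters, not over what the check is. As an added example that is not part of the bug report, of tiger, or of the Debian login package, here is a POSIX sh version of the [logf005f] finding quoted above: it reports a log file whose mode grants anything beyond the wanted 660 (rw-rw----). The function names `mode_of` and `check_log_perms` are my own, and it relies only on `ls -ld` and `cut`, so it runs on any Unix without GNU-specific `stat` flags.

```shell
#!/bin/sh
# Added example, not from the bug report, tiger or the login package.
# Reproduces the idea behind tiger's [logf005f] finding: a failed-login
# log such as /var/log/btmp should not be readable by "other", because a
# password typed into the username prompt ends up recorded there and
# lastb(1) would show it to every local account.

# mode_of FILE -> the 9-character permission string, e.g. "rw-r--r--"
# (character 1 of ls -ld output is the file type, 2-10 are rwxrwxrwx)
mode_of() {
    ls -ld "$1" | cut -c2-10
}

# check_log_perms FILE [WANTED]
#   WANTED is a 9-character rwx string; default "rw-rw----" (mode 660).
#   Returns 0 if every permission bit set on FILE is also set in WANTED,
#   1 if FILE is more permissive than WANTED (prints a tiger-style FAIL),
#   2 if FILE does not exist.
check_log_perms() {
    file="$1"
    want="${2:-rw-rw----}"
    if [ ! -e "$file" ]; then
        echo "--WARN-- Log file $file does not exist"
        return 2
    fi
    have=$(mode_of "$file")
    i=1
    while [ "$i" -le 9 ]; do
        h=$(printf '%s' "$have" | cut -c"$i")
        w=$(printf '%s' "$want" | cut -c"$i")
        # A bit set on the file but absent from the wanted mode is the
        # finding; setuid/setgid/sticky show up as s/S/t/T and count too.
        if [ "$h" != "-" ] && [ "$w" = "-" ]; then
            echo "--FAIL-- Log file $file permission is $have, should be $want"
            return 1
        fi
        i=$((i + 1))
    done
    echo "--PASS-- Log file $file permission is $have"
    return 0
}

# Usage: sh check_log_perms.sh /var/log/btmp [more files...]
# On a system where this fails, the remediation the report asks for is
# simply `chmod 660 /var/log/btmp` as root (not run here).
for f in "$@"; do
    check_log_perms "$f" || true
done
```

Note that a file that is stricter than the wanted mode (for instance 600) passes, which matches the intent of the tiger message: the check is about the file not being readable by everyone, not about it matching 660 exactly.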