[Aptitude-devel] Bug#285551: permission of log file

Daniel Hartwig mandyke at gmail.com
Fri Dec 9 03:53:22 UTC 2011


Daniel Burrows <dburrows at debian.org> wrote:
> On Monday 13 December 2004 06:58 pm, martin f krafft wrote:
>> Please consider making the log file of aptitude root:adm with 0640
>> permissions, in accordance with the majority of other log files.
>
>   Why?  There's nothing confidential about the information in the log file; if
> you want to (eg) find out what vulnerable software is available on the
> system, the apt cache (which is also unprotected by default) is a much better
> place to look.

Presently, the permissions of aptitude's log file are not different to
those of apt or dpkg:

-rw-r--r-- 1 root root  111461 Dec  1 00:02 /var/log/aptitude
-rw-r--r-- 1 root root  601478 Dec  8 18:08 /var/log/dpkg.log
-rw-r--r-- 1 root root   43382 Dec  8 18:08 /var/log/apt/history.log
-rw-r--r-- 1 root adm   289977 Dec  8 18:08 /var/log/apt/term.log
-rw-r--r-- 1 root root   84946 Dec  8 16:01 /var/lib/apt/extended_states
-rw-r--r-- 1 root root 1823490 Dec  8 15:57 /var/lib/dpkg/status

or many other logs which are not security sensitive:

-rw-r--r-- 1 root root      0 Dec  2 09:11 /var/log/alternatives.log
-rw-r--r-- 1 root root 107298 Mar 24  2011 /var/log/bootstrap.log
-rw-r--r-- 1 root root   2037 Oct 13 22:04 /var/log/fontconfig.log
-rw-r--r-- 1 root root   2700 Dec  8 17:29 /var/log/pm-powersave.log
-rw-r--r-- 1 root root  61720 Dec  8 17:29 /var/log/pm-suspend.log
-rw-r--r-- 1 root root      0 Mar 24  2011 /var/log/pycentral.log
-rw-r--r-- 1 root root  46397 Dec  8 17:29 /var/log/Xorg.0.log
-rw-r--r-- 1 root root  33419 Nov 24 23:55 /var/log/Xorg.0.log.old

etc.

As this situation is unlikely to change, unless anyone objects, I will
close or +wontfix this bug shortly.

Thanks
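
Added example, not part of the original message or of aptitude: a small shell function that classifies `ls -l` lines like those quoted above by whether unprivileged users can read the file, compared with the root:adm 0640 layout the bug asked for. The function name `audit_listing`, the verdict labels and the `/var/log/example.log` sample line are assumptions made for illustration.

```shell
#!/bin/sh
# audit_listing: read `ls -l` lines on stdin and print, tab-separated,
#   verdict  owner:group  mode  path
# The verdict is driven by the "other" permission bits, which decide whether
# unprivileged local users can read or write the file.
# Assumes paths without whitespace (true for the logs discussed here).
audit_listing() {
    awk '
    NF >= 9 && length($1) >= 10 {
        mode = $1; owner = $3; group = $4; path = $NF
        if (substr(mode, 9, 1) == "w")
            verdict = "world-writable"
        else if (substr(mode, 8, 1) == "r")
            verdict = "world-readable"
        else if (group == "adm" && substr(mode, 5, 1) == "r")
            verdict = "adm-only"          # the root:adm 0640 style layout
        else
            verdict = "restricted"
        printf "%s\t%s:%s\t%s\t%s\n", verdict, owner, group, mode, path
    }'
}

# The first two lines are taken from the listing in the message.
# The third line is constructed to show the requested root:adm 0640 layout.
SAMPLE='-rw-r--r-- 1 root root  111461 Dec  1 00:02 /var/log/aptitude
-rw-r--r-- 1 root adm   289977 Dec  8 18:08 /var/log/apt/term.log
-rw-r----- 1 root adm    12345 Dec  8 18:08 /var/log/example.log'

# term.log is group adm but still world-readable: the group only
# restricts access once the "other" read bit is cleared.
printf '%s\n' "$SAMPLE" | audit_listing
```

On a live system the same function can be fed directly, for example `ls -l /var/log/aptitude /var/log/dpkg.log | audit_listing`.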


