Bug#291825: exim4-base: /var/log/exim4 permissions

Marc Haber <mh+debian-packages@zugschlus.de>, 291825-maintonly@bugs.debian.org
Mon, 24 Jan 2005 07:31:54 +0100


severity #291825 wishlist
thanks

On Mon, Jan 24, 2005 at 11:45:27AM +1100, Anand Kumria wrote:
> this isn't a 'wishlist' bug

It is. Your change introduces a security and privacy issue. Mail logs
are not an average log and need extra protection.

If you disagree, please take this issue to the tech ctte.

> On Sun, Jan 23, 2005 at 04:27:24PM +0100, Marc Haber wrote:
> > Feature. The log might contain confidential data.
> 
> I am not asking for the permissions of logfiles to be changed.

I am well aware of it. Why do you need to read the directories if you
can't read the contents anyway?

> I am asking for the permission of the directory containing the logfiles
> to be changed to be in line with policy.

This one is a SHOULD, and we have good reason to ignore that SHOULD.

> Changing the permissions to be
> in line with policy also allows a number of useful, reasonable
> administrative actions.

Which ones?

> > Add yourself to the adm group. Grepping logs as root is generally not
> > a good idea.
> 
> Thanks for the suggestion. If it were just a single group I should add
> myself to, that would be fantastic.  However as an administrator my
> choices are:
> 
> 	- add myself to every arbitrary group that every arbitrary Debian
> 	  maintainer would like me to (proxy, Debian-exim, adm, etc.)

Which is the necessary way.

> 	- ask maintainers to follow the Debian policy when it comes to
> 	  directories and do things as root

Doing things as root is a bad idea.

> For people whose time is unlimited they may choose to add themselves to
> every group.  Performing my requested change will not preclude them from
> doing so.  Performing my requested change also enables the second group
> of administrators to undertake their work with a minimum of extra
> stress.

Additionally, you are free to change the directory permissions
locally. I am not aware of any code inside the exim4 package undoing a
local change to the log directory permissions.

> Per policy 10.9,

"The rules in this section are guidelines for general use. If
necessary, you may deviate from the details below."

An additional argument is that we don't want to introduce new bug
potential for a base package. A local administrator could have relied
on the directory not being world readable, and making it so could
expose information that she wanted to be private.

This bug will stay wishlist/wontfix until debian-devel reaches
differing consensus and/or the tech ctte tells us to change this.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Tel: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835