Bug#870638: systemd: /var/log/btmp has inconsistent permissions
Michael Biebl
biebl at debian.org
Fri Aug 4 12:29:40 BST 2017
On 04.08.2017 at 11:27, Mark Charter wrote:
> Michael,
>
> Thanks for your reply.
>
> /var/log/btmp should not be world readable because a common cause of
> login failures is to give password instead of username, which would
> result in passwords being world readable. See Debian bug 341883:
>

Hm, if that is the case that passwords are logged to that file, do we
really want to make that file read/writable by group utmp?

The Debian policy [1] only says that /var/log/wtmp,lastlog and
/var/run/utmp should be writable by group utmp.

Given that, wouldn't it be a safer default to have 0600 root:root for
/var/log/btmp as systemd creates it?

Michael

[1] https://www.debian.org/doc/debian-policy/ch-customized-programs.html#s11.3
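
An added example, not part of the original message: a shell check that reports which class of users can read or write a login-failure log and compares it against the 0600 root:root default proposed above. It assumes GNU `stat` as shipped on Debian; the function names `log_exposure` and `check_log_perms` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils stat (-c FORMAT).

# Print the widest class holding read or write access to FILE:
# "world", "group" or "owner-only". Returns 2 if FILE cannot be stat'ed.
log_exposure() {
    mode=$(stat -c '%a' "$1") || return 2
    # A leading 0 makes the shell read the mode digits as octal.
    if [ $(( 0$mode & 0006 )) -ne 0 ]; then
        echo world
    elif [ $(( 0$mode & 0060 )) -ne 0 ]; then
        echo group
    else
        echo owner-only
    fi
}

# Compare FILE against an expected "MODE OWNER GROUP" triple.
# Returns 0 on match, 1 on mismatch (printing the difference), 2 on stat error.
check_log_perms() {
    file=$1
    want=$2
    have=$(stat -c '%a %U %G' "$file") || return 2
    if [ "$have" = "$want" ]; then
        return 0
    fi
    echo "$file: have '$have', want '$want' (exposure: $(log_exposure "$file"))"
    return 1
}

# Audit the real file only when asked to, e.g.:  sh btmp-check.sh --audit
# (the script name is a placeholder). The expected triple is the default
# suggested in the message above.
if [ "${1:-}" = "--audit" ]; then
    check_log_perms /var/log/btmp "600 root root"
fi
```

To audit against a group-utmp scheme instead, pass a different expected triple as the second argument to `check_log_perms`.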