Bug#870638: systemd: /var/log/btmp has inconsistent permissions
Mark Charter
mark at nctr.co.uk
Fri Aug 4 15:48:12 BST 2017
At the moment systemd sets the permissions/ownership on /var/log/btmp
to 0600 root:utmp (in /usr/lib/tmpfiles.d/var.conf).
If all the programs that need to read or write /var/log/btmp are already
running with root privileges, then 0600 seems OK, and ownership might as
well be root:root.
This would require changes to /etc/logrotate.conf (in the logrotate
package) and the post-installation script of the base-files package,
otherwise the permissions on /var/log/btmp may change across reboots
and logfile rotations.
Mark.
Michael Biebl writes:
> Am 04.08.2017 um 11:27 schrieb Mark Charter:
> > Michael,
> >
> > Thanks for your reply.
> >
> > /var/log/btmp should not be world readable because a common cause of
> > login failures is to give password instead of username, which would
> > result in passwords being world readable. See Debian bug 341883:
> >
>
> Hm, if that is the case that passwords are logged to that file, do we
> really want to make that file read/writable by group utmp?
>
> The Debian policy [1] only says that /var/log/wtmp,lastlog and
> /var/run/utmp should be writable by group utmp.
>
> Given that, wouldn't it be a safer default to have 0600 root:root for
> /var/log/btmp as systemd creates it?
>
> Michael
>
> [1]
> https://www.debian.org/doc/debian-policy/ch-customized-programs.html#s11.3
>
> x[DELETED ATTACHMENT signature.asc, application/pgp-signature]
More information about the Pkg-systemd-maintainers
mailing list