From d7ee90746cf828fdb44fbd975afca7a94a7fa072 Mon Sep 17 00:00:00 2001 From: peter Date: Fri, 14 Jul 2000 01:12:50 +0000 Subject: Change various log file modes from mode 664 to 644. Allowing group wheel to trash logfiles is not exactly good security policy. There have been several gid wheel holes in ports. Various other files were changed as well (eg: the locate database were set to more restrictive modes (444) by their generation scripts) so this should be safe for them. utmp and wtmp are mode 644 already on all the systems we checked. Submitted by: jkb Reviewed by: kris
---
 etc/Makefile | 14 +++++++-------
 etc/newsyslog.conf | 12 ++++++------
 2 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/etc/Makefile b/etc/Makefile
index 9cd51d7..5356384 100644
--- a/etc/Makefile
+++ b/etc/Makefile
@@ -113,15 +113,15 @@ distribution:
 ${NOSPAM} ${DESTDIR}/etc/mail
 ${INSTALL} -c -o ${BINOWN} -g operator -m 664 /dev/null \
 ${DESTDIR}/etc/dumpdates
- ${INSTALL} -c -o nobody -g ${BINGRP} -m 664 /dev/null \
+ ${INSTALL} -c -o nobody -g ${BINGRP} -m 644 /dev/null \
 ${DESTDIR}/var/db/locate.database
- ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 /dev/null \
+ ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 /dev/null \
 ${DESTDIR}/var/log/lpd-errs
- ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 /dev/null \
+ ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 /dev/null \
 ${DESTDIR}/var/log/maillog
- ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 /dev/null \
+ ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 /dev/null \
 ${DESTDIR}/var/log/lastlog
- ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 /dev/null \
+ ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 /dev/null \
 ${DESTDIR}/var/log/messages
 ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 600 /dev/null \
 ${DESTDIR}/var/log/security
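Review bot: Files that already exist on an installed system keep mode 664, because the `-m 644` lines in this hunk only set the mode when the distribution target creates each file from /dev/null. lpd-errs, maillog and messages should pick up 644 at their next rotation through the newsyslog.conf change in this commit, and the commit message accounts for utmp, wtmp and the locate database. lastlog is not covered by either, at least in the visible part of newsyslog.conf, so on an upgraded system it would presumably stay group-writable. An upgrade note with a one-time `chmod g-w /var/log/lastlog` would close that gap. The distribution target starts above this hunk and continues past it.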
@@ -129,9 +129,9 @@ distribution:
 ${DESTDIR}/var/log/slip.log
 ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 600 /dev/null \
 ${DESTDIR}/var/log/ppp.log
- ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 /dev/null \
+ ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 /dev/null \
 ${DESTDIR}/var/log/wtmp
- ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 /dev/null \
+ ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 /dev/null \
 ${DESTDIR}/var/run/utmp
 ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 ${.CURDIR}/minfree \
 ${DESTDIR}/var/crash
diff --git a/etc/newsyslog.conf b/etc/newsyslog.conf
index 3e0508e..131d626 100644
--- a/etc/newsyslog.conf
+++ b/etc/newsyslog.conf
@@ -3,12 +3,12 @@
 #
 # logfilename [owner:group] mode count size when [ZB] [/pid_file] [sig_num]
 /var/log/cron 600 3 100 * Z
-/var/log/amd.log 664 7 100 * Z
-/var/log/kerberos.log 664 7 100 * Z
-/var/log/lpd-errs 664 7 100 * Z
-/var/log/maillog 664 7 * @T00 Z
-/var/log/sendmail.st 664 10 * 168 B
-/var/log/messages 664 5 100 * Z
+/var/log/amd.log 644 7 100 * Z
+/var/log/kerberos.log 644 7 100 * Z
+/var/log/lpd-errs 644 7 100 * Z
+/var/log/maillog 644 7 * @T00 Z
+/var/log/sendmail.st 644 10 * 168 B
+/var/log/messages 644 5 100 * Z
 /var/log/all.log 600 7 * @T00 Z
 /var/log/slip.log 600 3 100 * Z
 /var/log/ppp.log 600 3 100 * Z
--
cgit v1.1
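Review bot: The minfree install at the end of this hunk still uses `-m 664`, so the file placed in ${DESTDIR}/var/crash stays writable by ${BINGRP} while wtmp and utmp just above it lose group write. The commit message's reasoning about group wheel seems to apply here too, assuming ${BINGRP} is wheel, which the hunk does not show. Unless something relies on group write for that file, the line should read `${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 ${.CURDIR}/minfree \`. The distribution target starts above the hunk and runs past its end.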
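Review bot: kerberos.log remains readable by every local user at 644, while cron, all.log, slip.log and ppp.log in the same hunk are kept at 600. Dropping group write protects the log's integrity but not its confidentiality. If the Kerberos log records principal names and failed requests (its contents are not visible here), `/var/log/kerberos.log 600 7 100 * Z` would match how the other sensitive logs are handled. Whichever mode is chosen, newsyslog applies it only at rotation, so the mode the daemon uses when it first creates the file should be checked as well.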