Bug 25329
| Summary: | The current default permission of /var/log/console.log is depricated | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Base System | Reporter: | Yoshihiro Koya <Yoshihiro.Koya> | ||||
| Component: | bin | Assignee: | freebsd-bugs (Nobody) <bugs> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Only Me | ||||||
| Priority: | Normal | ||||||
| Version: | 5.0-CURRENT | ||||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
State Changed From-To: open->closed fixed in current, MFC scheduled. Thanks |
The default permission assumed in /etc/newsyslog.conf of /var/log/console.log is 640. But mode 600 is more secure than current default permisson. Actually, those of /var/log/mount.{today,yesterday} or /var/log/setuid.{today,yesterday} is also 600. The reason whay this permisson is deperecate is as follows: # su -l (become root) # shutdown now (go into the single usermode) # /bin/cat /etc/master.passwd (the contents of /etc/master.passwd is here) # exit (go into the multi user mode again) (after loggin in as a usual user belonging to wheel) % cat /var/log/console.log (you may find the contents of /etc/master.passwd) Everything done by root during the single user mode can be viewed via /var/log/console.log. Fix: At least, the following modification seems to be required.