logcheck doesn't work anymore
glarkin at FreeBSD.org
Fri Sep 12 22:02:47 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Marco Beishuizen wrote:
> On Mon, 08 Sep 2008 17:08:35 -0400
> Greg Larkin <glarkin at freebsd.org> wrote:
>> Hi Marco,
>> I recently committed the upgrade to logcheck, and I am looking into
>> your problem now. I'll post back here with details once I've figured
>> it out.
>> - --
>> Greg Larkin
> I discovered that when I change the permissions of the log files to 644
> it seems to work. But it seems to me that it isn't very safe to make
> log files readable to everybody.
Right you are! In fact, after my initial logcheck commit, someone
opened a PR stating something very similar to what you noted:
The submitter's point is that the logcheck user should not be part of
the wheel group, since that also confers the ability to su to root and
read many files that should be private.
A patch has been committed very recently to remove the logcheck user
from the wheel group and change the verbiage in pkg-message:
Any file that needs to be analyzed by logcheck will now have to be
readable by the logcheck group instead of the wheel group.
http://www.FreeBSD.org/ - The Power To Serve
http://www.sourcehosting.net/ - Ready. Set. Code.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the freebsd-questions