Package: ulogd2
Version: 2.0.4-2+deb8u1
Severity: serious
Tags: security

After a fresh install of ulogd2, the logging directory has the following permissions:

# ls -al /var/log/ulog
total 8
drwxr-xr-x  2 root root 4096 Dec  3 16:22 .
drwxr-xr-x 10 root root 4096 Dec  3 16:22 ..
-rw-r--r--  1 root root    0 Dec  3 16:22 syslogemu.log

Depending on the packets logged, users on the machine may gain much more information than is available via /proc/[pid] - which would be just the remote address of TCP connections. This is especially annoying when ulogd is used to create full packet captures of some connections, as recommended in howtos.

As ulogd is started with UID=0 and drops permissions, I would recommend changing the default permissions to 0700 for the directory and 0600 for files. For rare scenarios where users would really need to let other software read that data, permissions should be changed on those machines only.
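Added example, not part of the original report and not code from the ulogd2 package: a shell check that flags group/other access under the log directory shown above and applies the recommended 0700/0600 modes. The function names and the --run switch are made up for this example; the default path is the one from the ls output.

```shell
#!/bin/sh
# Added example: audit and tighten a ulogd log directory to the modes
# the report recommends (0700 for directories, 0600 for files).
# Function names and the --run switch are hypothetical.

ULOG_DIR="${ULOG_DIR:-/var/log/ulog}"   # path taken from the report

# Print every directory or regular file under $1 that grants any
# permission bit to group or other (mask 077). POSIX find's -perm -MODE
# means "all of these bits", so each bit is tested on its own.
list_exposed() {
    find "$1" \( -type d -o -type f \) \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Return 0 if nothing is exposed, 1 if something is, 2 if find failed.
audit_ulog_perms() {
    exposed=$(list_exposed "$1") || return 2
    if [ -n "$exposed" ]; then
        printf 'group/other access on:\n%s\n' "$exposed" >&2
        return 1
    fi
    return 0
}

# Apply the recommended modes to everything under $1.
harden_ulog_perms() {
    find "$1" -type d -exec chmod 0700 {} + &&
    find "$1" -type f -exec chmod 0600 {} +
}

# Touch the real directory only when called with --run (as root).
case "${1:-}" in
    --run) audit_ulog_perms "$ULOG_DIR" || harden_ulog_perms "$ULOG_DIR" ;;
esac
```

With the directory at 0700 and owned by root, other local users cannot open files beneath it by path whatever the individual file modes are, so the directory finding is the one to act on first.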

