On Thu, Jan 12, 2006, Bernhard Reiter wrote:

> On Wednesday, 11 January 2006 20:01, Ralf S. Engelschall wrote:
> > On Wed, Jan 11, 2006, Bernhard Reiter wrote:
> > > On Wednesday, 11 January 2006 15:34, Bernhard Reiter wrote:
> > > > By default the /openpkgdir/var/postfix/log/postfix.log is world
> > > > readable. This gives users of the system
> > > > the possibility to do some sort of email traffic analysis
> > > > for email flowing through the system.
> > > >
> > > > path="@l_prefix@/var/postfix/log/postfix.log",
> > > > perm=0644, monitor=3600
> > >
> > > I suggest changing this to
> > > perm=0640
> >
> > Hmmm... I see your point and from a paranoid security point of view the
> > file should not be world-readable.
>
> We found out because, accidentally, some Kolab Servers were logging passwords,
> which made it a real-world critical problem.
> [...]

Sure, logged passwords are a critical issue, but, to be honest, this is
a security problem of the application (passwords should never be logged
anywhere at all) and not caused by the fact that the receiving logfile
is world-readable.

Nevertheless, we still have the general question: what about
world-readable logfiles at all...

Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
User Communication List                      openpkg-users@openpkg.org
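
An added example, not part of the original thread or of OpenPKG: a Python audit that lists log files still carrying a world-read or world-write bit (the perm=0644 case discussed above) and clears the "other" bits to reach the suggested 0640. The directory layout and file names inside demo() are constructed sample data.

```python
import os
import stat
import tempfile

def world_accessible_logs(log_root):
    """Return sorted [(path, octal_mode)] for regular files any local user can read or write."""
    findings = []
    for dirpath, _dirs, files in os.walk(log_root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & (stat.S_IROTH | stat.S_IWOTH):
                findings.append((path, oct(stat.S_IMODE(st.st_mode))))
    return sorted(findings)

def tighten(path):
    """Drop all 'other' bits (0644 -> 0640); owner and group bits are left alone."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    new_mode = mode & ~stat.S_IRWXO
    os.chmod(path, new_mode)
    return oct(new_mode)

def demo():
    """Build a constructed log tree, audit it, tighten the findings, audit again."""
    samples = {"postfix/log/postfix.log": 0o644,   # the setting from the thread
               "imapd/log/imapd.log": 0o640,       # already restricted
               "apache/log/access.log": 0o664}     # group-writable and world-readable
    with tempfile.TemporaryDirectory() as root:
        for rel, mode in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path))
            with open(path, "w") as fh:
                fh.write("constructed sample line\n")
            os.chmod(path, mode)  # explicit chmod, so the umask does not matter
        found = world_accessible_logs(root)
        before = [(os.path.relpath(p, root), m) for p, m in found]
        fixed = [tighten(p) for p, _ in found]
        after = world_accessible_logs(root)
    return before, fixed, after

if __name__ == "__main__":
    before, fixed, after = demo()
    print("world-accessible before:", before)
    print("modes after tightening:", fixed)
    print("world-accessible after:", after)
```

To audit a real installation, call world_accessible_logs() on the var directory under the OpenPKG prefix instead of running demo().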