Bug#870638: systemd: /var/log/btmp has inconsistent permissions
Control: forwarded -1 https://github.com/systemd/systemd/pull/6997 Control: tags -1 fixed-upstream On Thu, 03 Aug 2017 17:46:49 +0100 Mark Charter wrote: > I suggest that the three sources of file permissions should be made > consistent, for example by changing the permissions in > /usr/lib/tmpfiles.d/var.conf from > > f /var/log/btmp 0600 root utmp - > > to > > f /var/log/btmp 0660 root utmp - This was fixed upstream the same way you suggested. Marking the bug report accordingly. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature ___ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
Bug#870638: systemd: /var/log/btmp has inconsistent permissions
At the moment systemd sets the permissions/ownership on /var/log/btmp to 0600 root:utmp (in /usr/lib/tmpfiles.d/var.conf). If all the programs that need to read or write /var/log/btmp are already running with root privileges, then 0600 seems OK, and ownership might as well be root:root. This would require changes to /etc/logrotate.conf (in the logrotate package) and the post-installation script of the base-files package, otherwise the permissions on /var/log/btmp may change across reboots and logfile rotations. Mark. Michael Biebl writes: > Am 04.08.2017 um 11:27 schrieb Mark Charter: > > Michael, > > > > Thanks for your reply. > > > > /var/log/btmp should not be world readable because a common cause of > > login failures is to give password instead of username, which would > > result in passwords being world readable. See Debian bug 341883: > > > > Hm, if that is the case that passwords are logged to that file, do we > really want to make that file read/writable by group utmp? > > The Debian policy [1] only says that /var/log/wtmp,lastlog and > /var/run/utmp should be writable by group utmp. > > Given that, wouldn't it be a safer default to have 0600 root:root for > /var/log/btmp as systemd creates it? > > Michael > > [1] > https://www.debian.org/doc/debian-policy/ch-customized-programs.html#s11.3 > > x[DELETED ATTACHMENT signature.asc, application/pgp-signature] ___ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
Bug#870638: systemd: /var/log/btmp has inconsistent permissions
Am 04.08.2017 um 11:27 schrieb Mark Charter: > Michael, > > Thanks for your reply. > > /var/log/btmp should not be world readable because a common cause of > login failures is to give password instead of username, which would > result in passwords being world readable. See Debian bug 341883: > Hm, if that is the case that passwords are logged to that file, do we really want to make that file read/writable by group utmp? The Debian policy [1] only says that /var/log/wtmp,lastlog and /var/run/utmp should be writable by group utmp. Given that, wouldn't it be a safer default to have 0600 root:root for /var/log/btmp as systemd creates it? Michael [1] https://www.debian.org/doc/debian-policy/ch-customized-programs.html#s11.3 signature.asc Description: OpenPGP digital signature ___ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
Bug#870638: systemd: /var/log/btmp has inconsistent permissions
Michael, Thanks for your reply. /var/log/btmp should not be world readable because a common cause of login failures is to give password instead of username, which would result in passwords being world readable. See Debian bug 341883: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=341883 sshd (from OpenSSH) will refuse to write to /var/log/btmp if it is world readable. This comment is from openssh/loginrec.c: /* * Logs failed login attempts in _PATH_BTMP if that exists. * The most common login failure is to give password instead of username. * So the _PATH_BTMP file checked for the correct permission, so that * only root can read it. */ I don't think /var/log/wtmp or /var/run/utmp record failed logins, so they can be world readable. Mark. Michael Biebl writes: > Control: tags -1 + moreinfo > > Am 03.08.2017 um 18:46 schrieb Mark Charter: > > Package: systemd > > Version: 232-25+deb9u1 > > Severity: normal > > > > Dear Maintainer, > > > > When /var/log/btmp is created at installation (by > > /var/lib/dpkg/info/base-files.postinst) its permissions are 0660 > > (u=rw,g=rw,o=). When it is (re)created by log file rotation (in > > /etc/logrotate.conf) its permissions are also 0660. But if it is > > created by systemd, or after a reboot, its permissions (from > > /usr/lib/tmpfiles.d/var.conf) are 0600. So its permissions can change > > with time, and they often change across a reboot. > > > > I suggest that the three sources of file permissions should be made > > consistent, for example by changing the permissions in > > /usr/lib/tmpfiles.d/var.conf from > > > > f /var/log/btmp 0600 root utmp - > > > > to > > > > f /var/log/btmp 0660 root utmp - > > Why do /var/log/btmp and /var/log/utmp have different permissions, i.e. > 0660 vs 0664 in Debian? That seems inconsistent as well. > > > -- > Why is it that all of the instruments seeking intelligent life in the > universe are pointed away from Earth? > > x[DELETED ATTACHMENT signature.asc, application/pgp-signature] ___ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
Processed: Re: Bug#870638: systemd: /var/log/btmp has inconsistent permissions
Processing control commands: > tags -1 + moreinfo Bug #870638 [systemd] systemd: /var/log/btmp has inconsistent permissions Added tag(s) moreinfo. -- 870638: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870638 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
Bug#870638: systemd: /var/log/btmp has inconsistent permissions
Control: tags -1 + moreinfo Am 03.08.2017 um 18:46 schrieb Mark Charter: > Package: systemd > Version: 232-25+deb9u1 > Severity: normal > > Dear Maintainer, > > When /var/log/btmp is created at installation (by > /var/lib/dpkg/info/base-files.postinst) its permissions are 0660 > (u=rw,g=rw,o=). When it is (re)created by log file rotation (in > /etc/logrotate.conf) its permissions are also 0660. But if it is > created by systemd, or after a reboot, its permissions (from > /usr/lib/tmpfiles.d/var.conf) are 0600. So its permissions can change > with time, and they often change across a reboot. > > I suggest that the three sources of file permissions should be made > consistent, for example by changing the permissions in > /usr/lib/tmpfiles.d/var.conf from > > f /var/log/btmp 0600 root utmp - > > to > > f /var/log/btmp 0660 root utmp - Why do /var/log/btmp and /var/log/utmp have different permissions, i.e. 0660 vs 0664 in Debian? That seems inconsistent as well. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature ___ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
Bug#870638: systemd: /var/log/btmp has inconsistent permissions
Package: systemd Version: 232-25+deb9u1 Severity: normal Dear Maintainer, When /var/log/btmp is created at installation (by /var/lib/dpkg/info/base-files.postinst) its permissions are 0660 (u=rw,g=rw,o=). When it is (re)created by log file rotation (in /etc/logrotate.conf) its permissions are also 0660. But if it is created by systemd, or after a reboot, its permissions (from /usr/lib/tmpfiles.d/var.conf) are 0600. So its permissions can change with time, and they often change across a reboot. I suggest that the three sources of file permissions should be made consistent, for example by changing the permissions in /usr/lib/tmpfiles.d/var.conf from f /var/log/btmp 0600 root utmp - to f /var/log/btmp 0660 root utmp - -- Package-specific info: -- System Information: Debian Release: 9.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-3-amd64 (SMP w/8 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages systemd depends on: ii adduser 3.115 ii libacl1 2.2.52-3+b1 ii libapparmor12.11.0-3 ii libaudit1 1:2.6.7-2 ii libblkid1 2.29.2-1 ii libc6 2.24-11+deb9u1 ii libcap2 1:2.25-1 ii libcryptsetup4 2:1.7.3-4 ii libgcrypt20 1.7.6-2+deb9u1 ii libgpg-error0 1.26-2 ii libidn111.33-1 ii libip4tc0 1.6.0+snapshot20161117-6 ii libkmod223-2 ii liblz4-10.0~r131-2+b1 ii liblzma55.2.2-1.2+b1 ii libmount1 2.29.2-1 ii libpam0g1.1.8-3.6 ii libseccomp2 2.3.1-2.1 ii libselinux1 2.6-3+b1 ii libsystemd0 232-25+deb9u1 ii mount 2.29.2-1 ii procps 2:3.3.12-3 ii util-linux 2.29.2-1 Versions of packages systemd recommends: ii dbus1.10.18-1 ii libpam-systemd 232-25+deb9u1 Versions of packages systemd suggests: ii policykit-10.105-18 pn systemd-container pn systemd-ui Versions of packages systemd is related to: pn dracut ii initramfs-tools 0.130 ii udev 232-25+deb9u1 -- Configuration Files: /etc/systemd/logind.conf changed [not included] -- no debconf information ___ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
