Daniel Burrows <dburr...@debian.org> wrote: > On Monday 13 December 2004 06:58 pm, martin f krafft wrote: >> Please consider making the log file of aptitude root:adm with 0640 >> permissions, in accordance with the majority of other log files. > > Why? There's nothing confidential about the information in the log file; if > you want to (eg) find out what vulnerable software is available on the > system, the apt cache (which is also unprotected by default) is a much better > place to look.
Presently, the permissions of aptitude's log file are not different to those of apt or dpkg: -rw-r--r-- 1 root root 111461 Dec 1 00:02 /var/log/aptitude -rw-r--r-- 1 root root 601478 Dec 8 18:08 /var/log/dpkg.log -rw-r--r-- 1 root root 43382 Dec 8 18:08 /var/log/apt/history.log -rw-r--r-- 1 root adm 289977 Dec 8 18:08 /var/log/apt/term.log -rw-r--r-- 1 root root 84946 Dec 8 16:01 /var/lib/apt/extended_states -rw-r--r-- 1 root root 1823490 Dec 8 15:57 /var/lib/dpkg/status or many other logs which are not security sensitive: -rw-r--r-- 1 root root 0 Dec 2 09:11 /var/log/alternatives.log -rw-r--r-- 1 root root 107298 Mar 24 2011 /var/log/bootstrap.log -rw-r--r-- 1 root root 2037 Oct 13 22:04 /var/log/fontconfig.log -rw-r--r-- 1 root root 2700 Dec 8 17:29 /var/log/pm-powersave.log -rw-r--r-- 1 root root 61720 Dec 8 17:29 /var/log/pm-suspend.log -rw-r--r-- 1 root root 0 Mar 24 2011 /var/log/pycentral.log -rw-r--r-- 1 root root 46397 Dec 8 17:29 /var/log/Xorg.0.log -rw-r--r-- 1 root root 33419 Nov 24 23:55 /var/log/Xorg.0.log.old etc. As this situation is unlikely to change, unless anyone objects, I will close or +wontfix this bug shortly. Thanks -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
