[Logcheck-devel] Bug#481347: logcheck: Logcheck leaves world-readable dead.letter

Stefanos Harhalakis v13 at v13.gr
Thu May 15 12:39:19 UTC 2008


Package: logcheck
Version: 1.2.54
Severity: grave
Tags: security
Justification: user security hole

Logcheck can leave a world-readable dead.letter that contains parsed
logs.

Steps to reproduce:
* Create a lot of logs that will not be filtered by logcheck (very
  easy). 10 MBytes should be enough. You have an hour to do so.
* When logcheck runs it will produce a file of size X MBytes to be
  mailed to root
* Most MTAs have a limit for the maximum message size. If it is exceeded
  and you're using sendmail, the mail will be saved in a file named dead.letter
* For logcheck this is placed in: /var/lib/logcheck/dead.letter
* Go read this file and get some logs that you should not see

Example file:
-rw-r--r-- 1 logcheck logcheck 17001006 2008-05-15 15:02 /var/lib/logcheck/dead.letter

Proposed solution:
Change permissions of /var/lib/logcheck dir to 770


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-amd64
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages logcheck depends on:
ii  adduser          3.102                   Add and remove users and groups
ii  cron             3.0pl1-100              management of regular background p
ii  debconf          1.5.11etch1             Debian configuration management sy
ii  grep             2.5.1.ds2-6             GNU grep, egrep and fgrep
ii  lockfile-progs   0.1.10                  Programs for locking and unlocking
ii  logtail          1.2.54                  Print log file lines that have not
ii  mailx            1:8.1.2-0.20050715cvs-1 A simple mail user agent
ii  sendmail-bin [ma 8.13.8-3                powerful, efficient, and scalable 
ii  sysklogd [system 1.4.1-18                System Logging Daemon

Versions of packages logcheck recommends:
ii  logcheck-database             1.2.54     database of system log rules for t

-- no debconf information
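The following is an added example, not part of the bug report or of the logcheck package: a small POSIX shell audit for the exposure described above (a world-readable dead.letter left in the logcheck state directory), plus the reporter's proposed remediation of setting the directory to mode 770. It assumes GNU `stat`/`find` as found on Debian, and takes the directory as a parameter so it can be run against a test directory.

```shell
#!/bin/sh
# Added example (not from the bug report or logcheck itself).
# Assumes GNU coreutils/findutils (stat -c, find -perm -NNN).

# Return 0 if the directory is safe, 1 if the directory itself grants
# "other" access or it holds any world-readable file (such as a sendmail
# dead.letter that contains the unfiltered log excerpts meant for root).
audit_logcheck_dir() {
    dir="$1"
    rc=0
    # Directory check: the proposed fix is mode 770, i.e. no "other" bits.
    mode=$(stat -c '%a' "$dir") || return 1
    if [ $((0$mode & 07)) -ne 0 ]; then
        echo "WARN: $dir is mode $mode (other bits set); expected 770"
        rc=1
    fi
    # File check: any file readable by "other" leaks its contents
    # regardless of how the directory is later tightened.
    leaks=$(find "$dir" -type f -perm -004)
    if [ -n "$leaks" ]; then
        echo "$leaks" | while read -r f; do
            echo "WARN: world-readable $f ($(stat -c '%a %U:%G %s' "$f"))"
        done
        rc=1
    fi
    return $rc
}

# Apply the report's proposed remediation (directory mode 770) and also
# strip "other" permissions from files already present, so an existing
# dead.letter stops being readable immediately.
remediate_logcheck_dir() {
    dir="$1"
    chmod 770 "$dir" && find "$dir" -type f -perm -004 -exec chmod o-rwx {} +
}
```

Run `audit_logcheck_dir /var/lib/logcheck` from cron or a configuration check; a non-zero exit means the state directory or a file in it is exposed.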