From yar@stylish.chem.msu.su  Tue Feb 11 04:07:10 2003
Return-Path: <yar@stylish.chem.msu.su>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9D90537B401
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 11 Feb 2003 04:07:10 -0800 (PST)
Received: from stylish.chem.msu.su (stylish.chem.msu.su [158.250.32.111])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EE9D343FAF
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 11 Feb 2003 04:07:08 -0800 (PST)
	(envelope-from yar@stylish.chem.msu.su)
Received: from stylish.chem.msu.su (localhost [127.0.0.1])
	by stylish.chem.msu.su (8.12.6/8.12.6) with ESMTP id h1BC69Mj026644
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 11 Feb 2003 15:06:09 +0300 (MSK)
	(envelope-from yar@stylish.chem.msu.su)
Received: (from yar@localhost)
	by stylish.chem.msu.su (8.12.6/8.12.6/Submit) id h1BC69U7026643;
	Tue, 11 Feb 2003 15:06:09 +0300 (MSK)
Message-Id: <200302111206.h1BC69U7026643@stylish.chem.msu.su>
Date: Tue, 11 Feb 2003 15:06:09 +0300 (MSK)
From: Yar Tikhiy <yar@freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
Subject: LOG_AUTHPRIV messages disclosed due to default syslog.conf
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         48170
>Category:       conf
>Synopsis:       LOG_AUTHPRIV messages disclosed due to default syslog.conf
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    yar
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 11 04:10:10 PST 2003
>Closed-Date:    Tue May 27 03:36:53 PDT 2003
>Last-Modified:  Tue May 27 03:36:53 PDT 2003
>Originator:     Yar Tikhiy
>Release:        FreeBSD 5.0-RELEASE i386
>Organization:
Moscow State University
>Environment:
	This problem exists in both STABLE and CURRENT.

>Description:
	The syslog(3) facility LOG_AUTHPRIV is intended to hide log
	messages that should not be seen by ordinary users, by sending
	such messages to a separate, protected log file.  For
	instance, login(1) logs two messages per invalid login
	attempt, one to LOG_AUTH and the other to LOG_AUTHPRIV.
	The latter includes the username attempted, which may happen
	to be a password typed at the wrong prompt, so nobody but
	the sysadmins should see it.

	At the same time, the default syslog.conf(5) sends *.notice to
	/var/log/messages, while LOG_NOTICE is the level used for
	messages about invalid authentication (LOG_INFO being the
	level for normal operation, e.g., successful logins).  Since
	the *.notice selector covers LOG_AUTHPRIV too, the sensitive
	messages sent to that facility end up in /var/log/messages,
	which is readable by every user on the system.
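
	The routing described above can be checked without a FreeBSD box.
	The following Python, an added example that is not part of this PR
	or of syslogd, models the selector rules of syslog.conf(5) as used
	in the default file (facility-list.level, "*", "none", ";"-separated
	selectors with later ones overriding earlier ones for the same
	facility) and evaluates the five relevant lines from the patch in
	the Fix section, before and after "authpriv.none" is added.  The
	comparison flags "=" and "!" are not modelled.

```python
"""Evaluate BSD syslog.conf selectors to see where a message lands.

Added example, not code from the PR or from FreeBSD.  It models the
selector rules used in the default syslog.conf: 'facility.level' matches
that facility at 'level' and all more severe levels, '*' stands for every
facility (or every level), 'none' excludes a facility, and within one line
later selectors override earlier ones.  Comparison flags ('=', '!') are
not modelled.
"""
import re

# syslog(3) priority order: index 0 is most severe.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "security",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]

# The default syslog.conf lines quoted in the PR, before the fix
# (constructed from the patch context; only the lines that matter here).
CONF_BEFORE = """
*.err;kern.debug;auth.notice;mail.crit\t\t/dev/console
*.notice;kern.debug;lpr.info;mail.crit;news.err\t/var/log/messages
security.*\t\t\t\t\t/var/log/security
auth.info;authpriv.info\t\t\t\t/var/log/auth.log
mail.info\t\t\t\t\t/var/log/maillog
"""
# The same file with the one-line change proposed in the PR applied.
CONF_AFTER = CONF_BEFORE.replace(
    "*.notice;kern.debug", "*.notice;authpriv.none;kern.debug")


def parse_line(line):
    """Return (thresholds, action) for one config line.

    thresholds maps facility -> index into LEVELS of the least severe
    level still accepted, or None when the facility is excluded ('none').
    """
    selectors, action = re.split(r"\s+", line.strip(), maxsplit=1)
    thresholds = {}
    for selector in selectors.split(";"):
        facs, level = selector.rsplit(".", 1)
        facs = FACILITIES if facs == "*" else facs.split(",")
        if level == "none":
            thr = None
        elif level == "*":
            thr = len(LEVELS) - 1          # every level down to debug
        else:
            thr = LEVELS.index(level)
        for fac in facs:
            thresholds[fac] = thr          # later selectors win
    return thresholds, action


def parse_conf(text):
    """Parse a whole syslog.conf, skipping blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rules.append(parse_line(line))
    return rules


def destinations(conf_text, facility, level):
    """List the actions (files/devices) a facility.level message reaches."""
    pri = LEVELS.index(level)
    hits = []
    for thresholds, action in parse_conf(conf_text):
        thr = thresholds.get(facility)
        if thr is not None and pri <= thr:
            hits.append(action)
    return hits


if __name__ == "__main__":
    # login(1)'s failed-attempt record: facility LOG_AUTHPRIV, level LOG_NOTICE.
    for label, conf in (("before", CONF_BEFORE), ("after", CONF_AFTER)):
        print(label, destinations(conf, "authpriv", "notice"))
    # authpriv.err and above still match the '*.err' console line after the fix.
    print("after, authpriv.err:", destinations(CONF_AFTER, "authpriv", "err"))
```

	Before the change the authpriv.notice message reaches both
	/var/log/messages and /var/log/auth.log; after it, only
	/var/log/auth.log.  Note that the "*.err" selector on the console
	line is untouched, so authpriv messages at err or above still go to
	/dev/console.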

>How-To-Repeat:
	(Mis)type your password at the "login:" prompt, i.e. enter it
	as the username.  Then find it in /var/log/messages, which is
	world-readable.

>Fix:
Index: syslog.conf
===================================================================
RCS file: /home/ncvs/src/etc/syslog.conf,v
retrieving revision 1.23
diff -u -r1.23 syslog.conf
--- syslog.conf	21 Sep 2002 12:07:35 -0000	1.23
+++ syslog.conf	11 Feb 2003 11:39:55 -0000
@@ -6,7 +6,7 @@
 #	may want to use only tabs as field separators here.
 #	Consult the syslog.conf(5) manpage.
 *.err;kern.debug;auth.notice;mail.crit		/dev/console
-*.notice;kern.debug;lpr.info;mail.crit;news.err	/var/log/messages
+*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err	/var/log/messages
 security.*					/var/log/security
 auth.info;authpriv.info				/var/log/auth.log
 mail.info					/var/log/maillog
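Review bot: the "authpriv.none" exclusion on the /var/log/messages selector closes the notice-level leak, but the /dev/console line two lines above still begins with "*.err", so authpriv messages at err or higher are still written to the console; either add "authpriv.none" there too or record in the PR why console output is acceptable. The fix also only helps if the auth.log destination ("auth.info;authpriv.info /var/log/auth.log") is created with restrictive ownership and mode, which this diff does not show; that should be verified separately.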
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->patched 
State-Changed-By: yar 
State-Changed-When: Thu Apr 3 10:38:45 PST 2003 
State-Changed-Why:  
Fixed in -CURRENT. 


Responsible-Changed-From-To: freebsd-bugs->yar 
Responsible-Changed-By: yar 
Responsible-Changed-When: Thu Apr 3 10:38:45 PST 2003 
Responsible-Changed-Why:  
Nobody concerned with /etc has displayed interest in this problem. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=48170 
State-Changed-From-To: patched->closed 
State-Changed-By: yar 
State-Changed-When: Tue May 27 03:35:58 PDT 2003 
State-Changed-Why:  
The problem has been fixed in both active branches. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=48170 
>Unformatted:
