Change various log file modes from mode 664 to 644. Allowing group

wheel to trash logfiles is not exactly good security policy. There have been several gid wheel holes in ports. Various other files were changed as well (eg: the locate database were set to more restrictive modes (444) by their generation scripts) so this should be safe for them. utmp and wtmp are mode 644 already on all the systems we checked. Submitted by: jkb Reviewed by: kris
svn path=/head/; revision=63097
2000-07-14 01:12:50 +00:00 · 2000-07-14 01:12:50 +00:00 · 4944b91311 · 2020-12-20 02:59:44 +00:00
commit 4944b91311
parent 05f560ae59
2 changed files with 13 additions and 13 deletions
--- a/etc/Makefile
+++ b/etc/Makefile
@ -113,15 +113,15 @@ distribution:
 	    ${NOSPAM} ${DESTDIR}/etc/mail
 	${INSTALL} -c -o ${BINOWN} -g operator -m 664 /dev/null \
 	    ${DESTDIR}/etc/dumpdates
-	${INSTALL} -c -o nobody -g ${BINGRP} -m 664 /dev/null \
+	${INSTALL} -c -o nobody -g ${BINGRP} -m 644 /dev/null \
 	    ${DESTDIR}/var/db/locate.database
-	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 /dev/null \
+	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 /dev/null \
 	    ${DESTDIR}/var/log/lpd-errs
-	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 /dev/null \
+	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 /dev/null \
 	    ${DESTDIR}/var/log/maillog
-	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 /dev/null \
+	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 /dev/null \
 	    ${DESTDIR}/var/log/lastlog
-	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 /dev/null \
+	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 /dev/null \
 	    ${DESTDIR}/var/log/messages
 	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 600 /dev/null \
 	    ${DESTDIR}/var/log/security
@ -129,9 +129,9 @@ distribution:
 	    ${DESTDIR}/var/log/slip.log
 	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 600 /dev/null \
 	    ${DESTDIR}/var/log/ppp.log
-	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 /dev/null \
+	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 /dev/null \
 	    ${DESTDIR}/var/log/wtmp
-	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 /dev/null \
+	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 /dev/null \
 	    ${DESTDIR}/var/run/utmp
 	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 ${.CURDIR}/minfree \
 	    ${DESTDIR}/var/crash
--- a/etc/newsyslog.conf
+++ b/etc/newsyslog.conf
@ -3,12 +3,12 @@
 #
 # logfilename          [owner:group]    mode count size when [ZB] [/pid_file] [sig_num]
 /var/log/cron				600  3	   100  *     Z
-/var/log/amd.log			664  7	   100  *     Z
-/var/log/kerberos.log			664  7	   100  *     Z
-/var/log/lpd-errs			664  7	   100  *     Z
-/var/log/maillog			664  7     *    @T00  Z
-/var/log/sendmail.st			664  10    *    168   B
-/var/log/messages			664  5	   100  *     Z
+/var/log/amd.log			644  7	   100  *     Z
+/var/log/kerberos.log			644  7	   100  *     Z
+/var/log/lpd-errs			644  7	   100  *     Z
+/var/log/maillog			644  7     *    @T00  Z
+/var/log/sendmail.st			644  10    *    168   B
+/var/log/messages			644  5	   100  *     Z
 /var/log/all.log			600  7     *    @T00  Z
 /var/log/slip.log			600  3	   100  *     Z
 /var/log/ppp.log			600  3	   100	*     Z