2008/8/28 Giacomo A. Catenazzi <[EMAIL PROTECTED]>: > Johan Walles wrote: >> Security shouldn't be based on nobody ever doing more or less common >> mistakes. > > auth.log was invented for this reason, and separated to standard log: > it should be readable only by root, because users do errors.
It's readable by anybody with physical access to the hardware. Hard disks get stolen all the time [1], and on publicly accessible machines it's often possible to boot in runlevel 1 or from something other than the hard disk and access any files you like. That's why the passwords in /etc/shadow are all hashed, rather than just being chmodded. > Anyway root already has the capability to view passwords > (i.e. by installing alternate login programs, sniffing tty, ...) That doesn't mean Debian should *help* root doing that in a default install. Security by default, anybody? > So auth.log should log usernames, so that users don't do > wrong assumption that password are not accessible by root! I can see a point in logging *valid* usernames. Logging invalid usernames (which aren't unlikely to actually be passwords) is a security risk. Cheers //Johan [1] - http://www.finfacts.ie/irishfinancenews/article_1014326.shtml -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
