11305 – wrong permissions for /var/log/btmp

Bug 11305 - wrong permissions for /var/log/btmp

Summary: wrong permissions for /var/log/btmp

Status:	CLOSED FIXED

Alias:	None

Product:	IPFire
Classification:	Unclassified
Component:	--- (show other bugs)
Version:	2
Hardware:	unspecified Unspecified

Importance:	- Unknown - Balancing
Assignee:	Matthias Fischer
QA Contact:

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-03-23 17:12 UTC by ipf-tom
Modified:	2017-11-08 23:33 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description ipf-tom 2017-03-23 17:12:54 UTC

The file /var/log/btmp should not be readable by non-root:

If someone is typing the password when the user was expected, the failed login will be documented in btmp. Probably user will login correct soon. So you have a combination of user (wtmp / last) and password (btmp / lastb).

Therefore the system denies to write into btmp because of bad permissions.

/var/log/messages:
Mar 23 08:52:21 ipfire sshd[31548]: Failed password for root from 1.2.3.4 port 63320 ssh2
Mar 23 08:52:21 ipfire sshd[31548]: Excess permission or bad ownership on file 

ls -l /var/log/btmp
-rw-r--r-- 1 root root 0 Feb  1 22:51 /var/log/btmp

should be
-rw------- 1 root root 0 Feb  1 22:51 /var/log/btmp

Comment 1 ipf-tom 2017-03-23 17:16:30 UTC

observed in IPFire 2.19 (x86_64) - Core Update 109

Comment 2 Matthias Fischer 2017-04-28 21:32:23 UTC

Suggested fix:

=> http://patchwork.ipfire.org/patch/1099/

=> http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=commit;h=dcd97580c3f6aec7a4dc70b2af721368f14fd11c

Best,
Matthias

Comment 3 Peter Müller 2017-11-08 17:45:46 UTC

Is this bug still valid? (Currently cleaning up bug list... :-) )

Comment 4 Matthias Fischer 2017-11-08 23:33:49 UTC

Fixed in Core 111