netbsd-users: Re: insecurity report wtmpx and wtmp incorrect gid...

Subject: Re: insecurity report wtmpx and wtmp incorrect gid...
To: Hauke Fath <hf@spg.tu-darmstadt.de>
From: Gilles Gravier <Gilles@Gravier.org>
List: netbsd-users
Date: 02/24/2006 13:36:01
This is a cryptographically signed message in MIME format.

--------------ms060404090302070907040503
Content-Type: multipart/alternative;
 boundary="------------090904050702060904070505"

This is a multi-part message in MIME format.
--------------090904050702060904070505
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit

Hi, Hauke!

The cotent of /etc/newsyslog.conf is :


#       $NetBSD: newsyslog.conf,v 1.18 2003/11/21 18:07:09 abs Exp $
#
# Configuration file for newsyslog(8).
#
# logfilename           [owner:group]   mode ngen size when flags 
[/pidfile] [sigtype]
#
/var/log/aculog         uucp:dialer     640  7    *    24   Z
/var/log/authlog                        600  5    100  *    Z
/var/log/cron           root:wheel      600  3    100  *    Z
/var/log/kerberos.log                   640  7    *    24   ZN
/var/log/lpd-errs                       640  7    100  *    Z
/var/log/maillog                        600  7    *    24   Z
/var/log/messages                       644  10   250  *    Z
/var/log/wtmp                           644  7    *    168  ZBN
/var/log/wtmpx                          644  7    *    168  ZBN
/var/log/xferlog                        640  7    250  *    Z


But I've modified the wtmp and wtmpx lines of /etc/mtree/set.etc to have 
gname=utmp instead of gname=wheel ... and will see tomorrow if it is 
fixed. :)

Gilles.


Hauke Fath wrote:
> Am 24.02.2006 um 9:49 Uhr +0100 schrieb Gilles Gravier:
>> And I agree that they should (as specified by /etc/mtree/special) be 
>> group name=utmp
>>
>> The problem is that when I set them to group name=utmp, something, in 
>> my machine, sets them back to group name=wheel
>
> What does you /etc/newsyslog.conf say?
>
>     hauke
>

-- 
/*Gilles Gravier*/ *=* *Gilles@Gravier.org* <mailto:Gilles@Gravier.org> 
*=* *http://www.gravier.org/*
ICQ : *77488526* 
<http://www.icq.com/whitepages/about_me.php?Uin=77488526> * || *MSN 
Messenger : Gilles@Gravier.org <http://members.msn.com/Gilles@Gravier.org>*
*Skype : ggravier <callto://ggravier>* || *Y! : ggravier 
<http://profiles.yahoo.com/ggravier> || AOL : gillesgravier 
<aim:goim?screenname=gillesgravier>
PGP Key ID : *0x8DE6D026* 
<http://pgp.mit.edu:11371/pks/lookup?search=0x8DE6D026&op=index>
"Chastity is its own punishment." (/Solomon Short/) [/David Gerrold/]
"De toutes les aberrations sexuelles, la chasteté est la plus 
aberrante." [Anatole France]


--------------090904050702060904070505
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi, Hauke!<br>
<br>
The cotent of /etc/newsyslog.conf is :<br>
<br>
<br>
#&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $NetBSD: newsyslog.conf,v 1.18 2003/11/21 18:07:09 abs Exp $<br>
#<br>
# Configuration file for newsyslog(8).
<br>
#<br>
# logfilename&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [owner:group]&nbsp;&nbsp; mode ngen size when flags
[/pidfile] [sigtype]<br>
#<br>
/var/log/aculog&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; uucp:dialer&nbsp;&nbsp;&nbsp;&nbsp; 640&nbsp; 7&nbsp;&nbsp;&nbsp; *&nbsp;&nbsp;&nbsp; 24&nbsp;&nbsp; Z
<br>
/var/log/authlog&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 600&nbsp; 5&nbsp;&nbsp;&nbsp; 100&nbsp; *&nbsp;&nbsp;&nbsp; Z<br>
/var/log/cron&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; root:wheel&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 600&nbsp; 3&nbsp;&nbsp;&nbsp; 100&nbsp; *&nbsp;&nbsp;&nbsp; Z<br>
/var/log/kerberos.log&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 640&nbsp; 7&nbsp;&nbsp;&nbsp; *&nbsp;&nbsp;&nbsp; 24&nbsp;&nbsp; ZN<br>
/var/log/lpd-errs&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 640&nbsp; 7&nbsp;&nbsp;&nbsp; 100&nbsp; *&nbsp;&nbsp;&nbsp; Z<br>
/var/log/maillog&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 600&nbsp; 7&nbsp;&nbsp;&nbsp; *&nbsp;&nbsp;&nbsp; 24&nbsp;&nbsp; Z<br>
/var/log/messages&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 644&nbsp; 10&nbsp;&nbsp; 250&nbsp; *&nbsp;&nbsp;&nbsp; Z<br>
/var/log/wtmp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 644&nbsp; 7&nbsp;&nbsp;&nbsp; *&nbsp;&nbsp;&nbsp; 168&nbsp; ZBN<br>
/var/log/wtmpx&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 644&nbsp; 7&nbsp;&nbsp;&nbsp; *&nbsp;&nbsp;&nbsp; 168&nbsp; ZBN<br>
/var/log/xferlog&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 640&nbsp; 7&nbsp;&nbsp;&nbsp; 250&nbsp; *&nbsp;&nbsp;&nbsp; Z<br>
<br>
<br>
But I've modified the wtmp and wtmpx lines of /etc/mtree/set.etc to
have gname=utmp instead of gname=wheel ... and will see tomorrow if it
is fixed. :)<br>
<br>
Gilles.<br>
<br>
<br>
Hauke Fath wrote:
<blockquote cite="midf06230903c024aa748523@%5B130.83.118.66%5D"
 type="cite">Am 24.02.2006 um 9:49 Uhr +0100 schrieb Gilles Gravier:
  <br>
  <blockquote type="cite">And I agree that they should (as specified by
/etc/mtree/special) be group name=utmp
    <br>
    <br>
The problem is that when I set them to group name=utmp, something, in
my machine, sets them back to group name=wheel
    <br>
  </blockquote>
  <br>
What does you /etc/newsyslog.conf say?
  <br>
  <br>
&nbsp;&nbsp;&nbsp;&nbsp;hauke
  <br>
  <br>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<title>Signature Gilles Gravier</title>
<link rel="important stylesheet"
 href="chrome://messenger/skin/messageBody.css">
<meta content="text/html;" http-equiv="Content-Type">
<meta content="text/html; charset=ISO-8859-1" http-equiv="content-type">
<meta content="Gilles@Gravier.org" name="author">
<div class="moz-signature">
<div style="text-align: left;">
<table
 style="text-align: left; background-color: rgb(102, 102, 102); width: 500px; height: 73px;"
 border="1" cellpadding="3" cellspacing="3">
  <tbody>
    <tr>
      <td
 style="text-align: center; vertical-align: middle; background-color: rgb(204, 204, 204); white-space: nowrap;">
      <div
 style="text-align: center; background-color: rgb(204, 204, 204);"><tt><font
 color="#7d6eaf"><i><b>Gilles Gravier</b></i> <b>=</b> </font><a
 href="mailto:Gilles@Gravier.org"><font color="#000000"><b>Gilles@Gravier.org</b></font></a><font
 color="#7d6eaf"> <b>=</b> </font><a href="http://www.gravier.org/"><font
 color="#000000"><b>http://www.gravier.org/</b></font></a></tt><br>
      </div>
      <div
 style="text-align: center; background-color: rgb(204, 204, 204);"><tt><font
 color="#009900"><span
 style="font-family: monospace; color: rgb(0, 0, 0); font-weight: bold;"></span></font><font
 color="#000099">ICQ :</font> <a
 href="http://www.icq.com/whitepages/about_me.php?Uin=77488526"><font
 color="#009900"><b>77488526</b></font></a></tt>&nbsp;<tt><font
 color="#009900"><b><span
 style="font-family: monospace; color: rgb(0, 0, 0);"> || </span></b></font></tt><tt><font
 color="#000099">MSN Messenger : <a
 href="http://members.msn.com/Gilles@Gravier.org"><span
 style="color: rgb(0, 153, 0); font-weight: bold;">Gilles@Gravier.org</span></a></font></tt><tt><font
 color="#009900"><b><span
 style="font-family: monospace; color: rgb(0, 0, 0);"><br>
      </span></b></font></tt><span
 style="font-family: monospace; color: rgb(0, 0, 153);">Skype</span><tt><font
 color="#000099"><span style="color: rgb(0, 0, 153);"> :&nbsp;</span><a
 href="callto://ggravier"><span
 style="font-weight: bold; color: rgb(0, 153, 0);">ggravier</span></a></font></tt><tt><font
 color="#009900"><b><span
 style="font-family: monospace; color: rgb(0, 0, 0);"> || </span></b></font></tt><tt><font
 color="#000099"><span style="color: rgb(0, 153, 0);"></span><span
 style="font-weight: bold;"></span>Y! : <a
 href="http://profiles.yahoo.com/ggravier"><span
 style="color: rgb(0, 153, 0); font-weight: bold;">ggravier</span></a></font></tt><tt
 style="font-weight: bold;"><font color="#009900"><span
 style="font-family: monospace; color: rgb(0, 0, 0);"> || </span></font></tt><tt><font
 color="#000099">AOL : <a href="aim:goim?screenname=gillesgravier"><span
 style="color: rgb(0, 153, 0); font-weight: bold;">gillesgravier</span></a><br>
      </font></tt><tt><font color="#000099">PGP Key ID :</font> <a
 href="http://pgp.mit.edu:11371/pks/lookup?search=0x8DE6D026&amp;op=index"><font
 color="#009900"><b>0x8DE6D026</b></font></a></tt><br>
      </div>
      <div
 style="text-align: center; background-color: rgb(204, 204, 204);"><tt>"Chastity
is its own punishment." (<font color="#999999"><i>Solomon Short</i></font>)
[<font color="#666666"><i>David Gerrold</i></font>]<br>
      </tt><span style="font-family: monospace;">"De toutes les
aberrations sexuelles, la chastet&eacute; est la plus aberrante." [<span
 style="font-style: italic;"><font color="#666666">Anatole France</font></span>]</span><br>
      </div>
      </td>
    </tr>
  </tbody>
</table>
</div>
</div>
</div>
</body>
</html>

--------------090904050702060904070505--

--------------ms060404090302070907040503
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJeTCC
AxcwggKAoAMCAQICAw9CWjANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE
ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv
bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwODA1MjI1NzM4WhcNMDYwODA1MjI1NzM4
WjBfMRAwDgYDVQQEEwdHcmF2aWVyMQ8wDQYDVQQqEwZHaWxsZXMxFzAVBgNVBAMTDkdpbGxl
cyBHcmF2aWVyMSEwHwYJKoZIhvcNAQkBFhJnaWxsZXNAZ3Jhdmllci5vcmcwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC199MMtghWzKIuhBXAWnzNNefa/UJHgdS7GYtMt2Yz
1KPvEP1P5IIg/X1SH6nHQIDBQkN9DKAJ6DIPRkckbrg7HyuTus6w+FgyGEjb7Jd1NKAPU04P
agz3kVU7sf/NoqIeVjNP2f3R6zXvtWFHE6VGzH6JmSx8XNRSoFMoXGI5wG6K8IWqZhiUdyNQ
lKavpdj6QE0YngxNq49tzlsXb/yOZtTA5IfNi2bFwMJfXEICDpkF1zzXnsSLq+FnZgCQW0Xp
0B2aaoZY0cxcYESTubpK89/aPvWIqKsAjYhfBrRYc2k4+eip3UDGeav6DdDKCROLs28RnI0E
jHO7ZM/hzVwXAgMBAAGjWjBYMCkGBStlAQQBBCAwHgIBADAZMBcCAQQEEmM4dkRHN0xGenBH
Y0t1UjJKUTAdBgNVHREEFjAUgRJnaWxsZXNAZ3Jhdmllci5vcmcwDAYDVR0TAQH/BAIwADAN
BgkqhkiG9w0BAQQFAAOBgQA/cRlhXQiI9xAU0Rm/pVbm3icXgL5XXvfcbA2V5Z2uKqRDcgtw
eNHs6kAlYP+qBZkCnvCu1ECdMQETJB3iP9czDQajkJhJBVmAD1ka14OeQyvLM8PiYk2vJ9q5
8VjYuWNGiHHydL0CHfxPXJZTY0koIJfdhvCzsxwfRsZ8pllOnDCCAxcwggKAoAMCAQICAw9C
WjANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1
bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElz
c3VpbmcgQ0EwHhcNMDUwODA1MjI1NzM4WhcNMDYwODA1MjI1NzM4WjBfMRAwDgYDVQQEEwdH
cmF2aWVyMQ8wDQYDVQQqEwZHaWxsZXMxFzAVBgNVBAMTDkdpbGxlcyBHcmF2aWVyMSEwHwYJ
KoZIhvcNAQkBFhJnaWxsZXNAZ3Jhdmllci5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC199MMtghWzKIuhBXAWnzNNefa/UJHgdS7GYtMt2Yz1KPvEP1P5IIg/X1SH6nH
QIDBQkN9DKAJ6DIPRkckbrg7HyuTus6w+FgyGEjb7Jd1NKAPU04Pagz3kVU7sf/NoqIeVjNP
2f3R6zXvtWFHE6VGzH6JmSx8XNRSoFMoXGI5wG6K8IWqZhiUdyNQlKavpdj6QE0YngxNq49t
zlsXb/yOZtTA5IfNi2bFwMJfXEICDpkF1zzXnsSLq+FnZgCQW0Xp0B2aaoZY0cxcYESTubpK
89/aPvWIqKsAjYhfBrRYc2k4+eip3UDGeav6DdDKCROLs28RnI0EjHO7ZM/hzVwXAgMBAAGj
WjBYMCkGBStlAQQBBCAwHgIBADAZMBcCAQQEEmM4dkRHN0xGenBHY0t1UjJKUTAdBgNVHREE
FjAUgRJnaWxsZXNAZ3Jhdmllci5vcmcwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOB
gQA/cRlhXQiI9xAU0Rm/pVbm3icXgL5XXvfcbA2V5Z2uKqRDcgtweNHs6kAlYP+qBZkCnvCu
1ECdMQETJB3iP9czDQajkJhJBVmAD1ka14OeQyvLM8PiYk2vJ9q58VjYuWNGiHHydL0CHfxP
XJZTY0koIJfdhvCzsxwfRsZ8pllOnDCCAz8wggKooAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAw
gdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUg
VG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRp
b24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFp
bCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0w
MzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxU
aGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwg
RnJlZW1haWwgSXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV
+065yplaHmjAdQRwnd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfAr
hVqqP3FWy688Cwfn8R+RNiQqE88r1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/
p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8
MDowOKA2oDSGMmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWls
Q0EuY3JsMAsGA1UdDwQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxh
YmVsMi0xMzgwDQYJKoZIhvcNAQEFBQADgYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/
TCG4+DYfqi2fNi/A9BxQIJNwPP2t4WFiw9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN3amc
OY6MIE9lX5Xa9/eH1sYITq726jTlEBpbNU1341YheILcIRk13iSx0x1G/11fZU8xggM7MIID
NwIBATBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5
KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQID
D0JaMAkGBSsOAwIaBQCgggGnMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcN
AQkFMQ8XDTA2MDIyNDEyMzYwMVowIwYJKoZIhvcNAQkEMRYEFIodeBj1tq9ZBdg4wTpTr49g
IK9vMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqG
SIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMHgGCSsGAQQBgjcQBDFrMGkwYjEL
MAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAq
BgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAgMPQlowegYLKoZI
hvcNAQkQAgsxa6BpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGlu
ZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWlu
ZyBDQQIDD0JaMA0GCSqGSIb3DQEBAQUABIIBAIaM2cLIWUXQUs5XKxwychO9R4oSc2cM3XIR
QzLUUFWasUBcbXwwzA0bLRQDJ5IdNFzOzNIYC8lf/4diVsMMJ8RSNm91QDIokfUMnw1NG82O
jHUaj40JTchz/D81KXq3l4I9yimWMMyo41j5n77/gcTvojS5UlDuP90bDxxf8siM+hL3Vjqq
qsirEVdCpJ7l+MhtnCVcF1ePcUsurM6rEOI/1ofTHvsscg341NtLvd97fN7HvoA2myND392i
Opcg9obznR5BAqZ3M5eEy7Td7LGBh3ADkjTLjKnhQBeOYhID0ISZNK/CYXIAeezREF8ohh3L
b/fKcydgt9nwgbD29OMAAAAAAAA=
--------------ms060404090302070907040503--