I have updated to 10.4.6, and twice after running disk utility i have
gotten this log entry:
Apr 17 15:39:40: Disk Utility started.
Repairing permissions for ³Macintosh HD
Determining correct file permissions.
Permissions differ on ./private/var/log/secure.log, should be -rw-------
, they are -rw-r-----
Owner and group corrected on ./private/var/log/secure.log
Permissions corrected on ./private/var/log/secure.log
Permissions repair complete
The privileges have been verified or repaired on the selected volume
Is this serious? Has anyone else gotten this?
Is this serious? Has anyone else gotten this?
Why is it that the first time I read the subject of this thread, I saw "security bleach"? Am I becoming Chinese? :-D
Sorry, going off on a tangent.
Why is it that the first time I read the subject of this thread, I saw "security bleach"? Am I becoming Chinese? :-D
Don't knock security bleach. I once had a girlfriend that used it and
her underwear was not only whiter than white, but also totally
impenetrable.
As for the confusion of R's and L's, I would like to point out that
Asians are not the only ones who confuse the two letters. They are universally confused by English speakers as well.
I don't know much Chinese, but I speak Lao and Thai. Some consonants,
vowels, and dipthongs that are quite distinct to the ears of native
speakers of these languages are not differentiated by westerners.
Russ Dumke <russelldumke@sbcglobal.net> writes:
I have updated to 10.4.6, and twice after running disk utility i have gotten this log entry:
Apr 17 15:39:40: Disk Utility started.
Repairing permissions for ³Macintosh HD
Determining correct file permissions.
Permissions differ on ./private/var/log/secure.log, should be -rw-------
, they are -rw-r-----
Owner and group corrected on ./private/var/log/secure.log
Permissions corrected on ./private/var/log/secure.log
Permissions repair complete
The privileges have been verified or repaired on the selected volume
Is this serious? Has anyone else gotten this?
Yes, we've all seen it. And no, it's not a security breach. But it is
a bug that could be used as a part of an exploit if you regularly work
from an administrator account.
The secure log's permissions are supposed to be -rw-------, which means
that only the root account can read and write it.
There is a bug is the daily periodic task that changes this every
night. More specifically, it deletes the oldest secure log and then
renames all the remaining ones, and creates a new most-recent secure.log file. (This is what log-rotation means). When it does so, it creates
the new log file as -rw-r-----, which means that any user in the admin
group can read the file.
If neither you nor any of your other users work from an admin account,
then this bug means nothing, since the file will not be readable.
If you normally work from an admin account, and you accidentally install
a piece of malware, it might be able to use the log file's information
as a part of an exploit. The secure log keeps track of successful and
failed authentication attempts, for a variety of programs, so it could
be used to determine what accounts have recently been used with which services to access the computer.
-- David
Thank you for the reply. FWIW, I just tried running DU after doing the
daily cron job via MacJanitor, and I didn't see the problem, so I'm
not sure if it's a daily thing or not. I hope Apple knows about and
fixes this bug soon.
Note the :-D on my comment.
Howard S Shubs <howard@shubs.net> wrote:
Note the :-D on my comment.
An intruder that does not occur in any of my usual areas of discourse
:-)
What set of signs does it belong to? What does it signify?
Russ Dumke <russelldumke@sbcglobal.net> writes:
Thank you for the reply. FWIW, I just tried running DU after doing the daily cron job via MacJanitor, and I didn't see the problem, so I'm
not sure if it's a daily thing or not. I hope Apple knows about and
fixes this bug soon.
Sorry. I should've checked more closely. Secure.log is rotated by the weekly script.
Log rotation is actually done by all three scripts (for different logs).
The daily script rotates these files:
/var/account/acct
system.log
The weekly script rotates these files:
ftp.log
http/error_log
httpd/access_log
hwmond.log
ipfw.log
lookupd.log
lpr.log
mail.log
netinfo.log
ppp.log
secure.log
The monthly script rotates these files:
fax/*.log
install.log
wtmp
The fix for the problem is to copy the log-rotation section of the
weekly script. One copy should only rotate secure.log, the other should
have secure.log removed from its list. Then in the block rotating secuire.log, change the permissions (the chmod command) from 640 to 600.
You can do it if you don't want to wait for Apple to fix this.
But as I wrote, this bug really means nothing unless you normally work
from an admin account, which is bad security practice in the first place.
-- David
Hmmmm... I do run as admin (i've seen some reports on the net about
problems that occur when you don't).
I'm afraid you lost me on the fix (copying the log-rotation section of
the weekly script). How exactly would I do this?
In article <1he27iu.kf84ld1ajvtiiN%uo-wgo@qvepba.pb.hx.invalid>,
uo-wgo@qvepba.pb.hx.invalid (Hylton Boothroyd) wrote:
Howard S Shubs <howard@shubs.net> wrote:
Note the :-D on my comment.
An intruder that does not occur in any of my usual areas of discourse
:-)
What set of signs does it belong to? What does it signify?
Like your smiley, except with a bigger smile.
Russ Dumke <russelldumke@sbcglobal.net> writes:
Hmmmm... I do run as admin (i've seen some reports on the net about problems that occur when you don't).
In the Windows world, lots of stuff breaks if you're not an admin.
In the Mac world, I only know of one program that breaks - the help
system in Adobe Photoshop. This is because the system is an embedded
web browser (Opera in Photoshop Elements 3), and it caches the pages in
the application package itself - which you therefore have to be able to
write to.
A very bad design, IMO. I have noticed, however, that if you launch the
app from an admin account, and pull up the help system once (to populate whatever it needs in the cache), you can then work from a non-admin
account afterwards.
I'm afraid you lost me on the fix (copying the log-rotation section of
the weekly script). How exactly would I do this?
Please don't take this as a blow-off answer, but if you don't understand shell scripts enough to be able to figure it out from what I've written
so far, I don't think it would be a good idea for you to try. A mistake could render your periodic tasks non-functional. Future Apple updates
may or may not overwrite your changes, depending on how they wrote their update scripts.
As I wrote before, there's a block of code in the weekly script that
rotates a large number of log files. You'd have to copy that code and
make different modifications to each set of code. Rig one copy to do
what it's doing already, but without the secure log. Rig the other one
to only work on the secure log, and apply different permissions to the newly-created logfile.
-- David
Sysop: | Gate Keeper |
---|---|
Location: | Shelby, NC |
Users: | 717 |
Nodes: | 20 (0 / 20) |
Uptime: | 14:06:12 |
Calls: | 9,151 |
Calls today: | 25 |
Files: | 5,288 |
D/L today: |
210 files (70,872K bytes) |
Messages: | 465,623 |
Posted today: | 4 |