From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Daniel P. Berrange" Subject: Re: [PATCH] Scrub vnc password for vfb Date: Tue, 5 Feb 2008 14:06:02 +0000 Message-ID: <20080205140602.GC20888@redhat.com> References: <48C867CB54FB42kanno.masaki@jp.fujitsu.com> Reply-To: "Daniel P. Berrange" Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: Keir Fraser Cc: xen-devel@lists.xensource.com, Masaki Kanno List-Id: xen-devel@lists.xenproject.org On Tue, Feb 05, 2008 at 08:45:10AM +0000, Keir Fraser wrote: > This leads to a question -- should xend.log (and our other log files) be > world readable in the first place? In Fedora & RHEL /etc/xen and /var/log/xen are both mode 0700 > If we want to change it we may have to hack the logging package a bit, as it > seems that Python's open() function calls fopen() which does not allow you > to manually specify access permissions. Although we could have xend set its > umask to 0770. Maybe that would break other stuff though? The permissions of the logfile don't really matter once you set the directory permissions - and this gives the admin flexibility to chmod/chgrp the dir to allow selected users acccess to the logs The main reason for scrubbing the logs is to protect users' passwords when they post logfiles to mailing lists / bug trackers :-) Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|