From unknown Sun Aug 10 09:47:22 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#40405 <40405@debbugs.gnu.org> To: bug#40405 <40405@debbugs.gnu.org> Subject: Status: System log files are world readable Reply-To: bug#40405 <40405@debbugs.gnu.org> Date: Sun, 10 Aug 2025 16:47:22 +0000 retitle 40405 System log files are world readable reassign 40405 guix submitter 40405 Diego Nicola Barbato severity 40405 normal tag 40405 security thanks From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 03 09:19:44 2020 Received: (at submit) by debbugs.gnu.org; 3 Apr 2020 13:19:44 +0000 Received: from localhost ([127.0.0.1]:41388 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jKMEZ-00086a-Tk for submit@debbugs.gnu.org; Fri, 03 Apr 2020 09:19:44 -0400 Received: from lists.gnu.org ([209.51.188.17]:38087) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jKMEY-00086J-2A for submit@debbugs.gnu.org; Fri, 03 Apr 2020 09:19:42 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:60690) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jKMEW-00005L-QJ for bug-guix@gnu.org; Fri, 03 Apr 2020 09:19:41 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1jKMEV-0000gI-Qe for bug-guix@gnu.org; Fri, 03 Apr 2020 09:19:40 -0400 Received: from mout02.posteo.de ([185.67.36.66]:42605) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1jKMEV-0000dr-BN for bug-guix@gnu.org; Fri, 03 Apr 2020 09:19:39 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout02.posteo.de (Postfix) with ESMTPS id AF2E02400FC for ; Fri, 3 Apr 2020 15:19:36 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.de; s=2017; t=1585919976; bh=UM+B9+dDQ8ZEbl+tsHQrINA0+xoHV4xBDOjnVbnI+Jk=; h=From:To:Subject:Date:From; b=RGls2t0pMbqMsBMfPudJ8nMKR3E/yhyquUp3h2AzyMi57wD/BQlvJJzYw+OElCeLh 51qniEQnuDCwwl+KI/pS1BoWkJB0Q69zmDdoOzLyBvbR7cIYzq2rGEmwZv29h9cd1u WYD1xDqJpMe99zHsk8Rjo4vJGJEPS/blkIXHuUm3WrJvfYxkf7ZSvzayIEKXi+Cobq oSsQTsFmPRuAEfbLZk0vEWiZLVVsq90vz5ud/SQsDNxzGwIwnZczZqc5PJWDGm7SGk Zb2Ju3OY4cZyC9HkOcEPY2Rt3rtoGlOYW9fh1fwHDugtZSqoVHo+peMsEF/ALPzX4i DtDI6NdOhnFgg== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 48v0s4193Lz9rxl for ; Fri, 3 Apr 2020 15:19:35 +0200 (CEST) From: Diego Nicola Barbato To: bug-guix@gnu.org Subject: System log files are world readable Date: Fri, 03 Apr 2020 15:19:34 +0200 Message-ID: <87v9mg1zbt.fsf@GlaDOS.home> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 185.67.36.66 X-Spam-Score: 0.3 (/) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) Hey Guix, On Guix System the log files (in /var/log) generated by syslogd are currently (commit 151f3d4) world readable. They should probably only be readable by root (for the same reason that dmesg can only be run by root). It isn't possible to set the umask with fork-exec-constructor, is it? Otherwise that might have been a simple solution. Regards, Diego From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 03 09:34:27 2020 Received: (at 40405) by debbugs.gnu.org; 3 Apr 2020 13:34:27 +0000 Received: from localhost ([127.0.0.1]:41416 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jKMSp-0000TA-Kw for submit@debbugs.gnu.org; Fri, 03 Apr 2020 09:34:27 -0400 Received: from mout02.posteo.de ([185.67.36.66]:51079) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jKMSm-0000Sf-Th for 40405@debbugs.gnu.org; Fri, 03 Apr 2020 09:34:25 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout02.posteo.de (Postfix) with ESMTPS id 84EF02400FB for <40405@debbugs.gnu.org>; Fri, 3 Apr 2020 15:34:18 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.de; s=2017; t=1585920858; bh=f7Vp5cCMlT7hewscKncbMlWQ6hSh2LM4qF9E9R0mPVM=; h=From:To:Subject:Date:From; b=OxUZl7Cz4AvzusDM7MCpIzF/92PcK/k5YNnTEWONkWIWrqjjKdVn0ARMlR9x6Mmi8 IsXLv2zKlskSxWlo+3NhJjpOPHwSi4sMOGIQMLcHtNwdhIse9GCqdtYLd5dt1fttPh ifk0mifZw/UjjSfHgI1Hgd1W5EeAQwy6BHUfGcMIakX0WwA+wbeUR6b55218flphL0 M8qRzrDC2Z0SrqqD6SBvyf3NW3G9he0bGKhLf80FF3W3n9Gx58SKkUxuuabkTIjiCv WI1bVG9XMm/8bQlnBGPRaHOyYQRUExWelpvDappXxcY5XLzue+kvR0I5WoNLuQOHKT aMuvVA3qNxfQw== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 48v1B15lDyz9rxS for <40405@debbugs.gnu.org>; Fri, 3 Apr 2020 15:34:17 +0200 (CEST) From: Diego Nicola Barbato To: 40405@debbugs.gnu.org Subject: Re: bug#40405: System log files are world readable References: <87v9mg1zbt.fsf@GlaDOS.home> Date: Fri, 03 Apr 2020 15:34:17 +0200 In-Reply-To: <87v9mg1zbt.fsf@GlaDOS.home> (Diego Nicola Barbato's message of "Fri, 03 Apr 2020 15:19:34 +0200") Message-ID: <87r1x41yna.fsf@GlaDOS.home> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 40405 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Diego Nicola Barbato writes: > Hey Guix, > > On Guix System the log files (in /var/log) generated by syslogd are > currently (commit 151f3d4) world readable. They should probably only be > readable by root (for the same reason that dmesg can only be run by > root). > > It isn't possible to set the umask with fork-exec-constructor, is it? ^^^^^^^^^^^^^^^^^^^^^ That should be 'make-forkexec-constructor'. Sorry for the noise. > Otherwise that might have been a simple solution. > > Regards, > > Diego From debbugs-submit-bounces@debbugs.gnu.org Sun Apr 05 17:32:52 2020 Received: (at control) by debbugs.gnu.org; 5 Apr 2020 21:32:52 +0000 Received: from localhost ([127.0.0.1]:46769 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jLCsu-0002Gn-08 for submit@debbugs.gnu.org; Sun, 05 Apr 2020 17:32:52 -0400 Received: from eggs.gnu.org ([209.51.188.92]:40833) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jLCsr-0002GM-UU for control@debbugs.gnu.org; Sun, 05 Apr 2020 17:32:50 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:43829) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1jLCsm-0005mu-Qs for control@debbugs.gnu.org; Sun, 05 Apr 2020 17:32:44 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=39716 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jLCsm-0005P7-2u for control@debbugs.gnu.org; Sun, 05 Apr 2020 17:32:44 -0400 Date: Sun, 05 Apr 2020 23:32:42 +0200 Message-Id: <87blo5hb45.fsf@gnu.org> To: control@debbugs.gnu.org From: =?utf-8?Q?Ludovic_Court=C3=A8s?= Subject: control message for bug #40405 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) tags 40405 + security quit From debbugs-submit-bounces@debbugs.gnu.org Sun Apr 05 18:12:48 2020 Received: (at 40405) by debbugs.gnu.org; 5 Apr 2020 22:12:48 +0000 Received: from localhost ([127.0.0.1]:46811 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jLDVY-0006cN-6J for submit@debbugs.gnu.org; Sun, 05 Apr 2020 18:12:48 -0400 Received: from eggs.gnu.org ([209.51.188.92]:44488) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jLDVW-0006bw-Qy for 40405@debbugs.gnu.org; Sun, 05 Apr 2020 18:12:47 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:44781) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1jLDVR-0004kn-Jn; Sun, 05 Apr 2020 18:12:41 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=39844 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jLDVR-00008i-4d; Sun, 05 Apr 2020 18:12:41 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Diego Nicola Barbato Subject: Re: bug#40405: System log files are world readable References: <87v9mg1zbt.fsf@GlaDOS.home> Date: Mon, 06 Apr 2020 00:12:39 +0200 In-Reply-To: <87v9mg1zbt.fsf@GlaDOS.home> (Diego Nicola Barbato's message of "Fri, 03 Apr 2020 15:19:34 +0200") Message-ID: <874ktxh99k.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 40405 Cc: 40405@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi, Diego Nicola Barbato skribis: > On Guix System the log files (in /var/log) generated by syslogd are > currently (commit 151f3d4) world readable. They should probably only be > readable by root (for the same reason that dmesg can only be run by > root). > > It isn't possible to set the umask with fork-exec-constructor, is it? > Otherwise that might have been a simple solution. That would be a nice solution to implement in the Shepherd. If you feel like giving it a try, that would be great! In the meantime, the patch below fixes the syslogd problem. Also attached is a patch for the accounting database, though that one is questionable. Thoughts? Thanks, Ludo=E2=80=99. --=-=-= Content-Type: text/x-patch Content-Disposition: inline diff --git a/gnu/services.scm b/gnu/services.scm index 7941cd3af0..d631e8dd32 100644 --- a/gnu/services.scm +++ b/gnu/services.scm @@ -528,15 +528,20 @@ ACTIVATION-SCRIPT-TYPE." (use-modules (gnu build activation) (guix build utils)) + (define (ensure-file-exists file) + (let ((port (open-file file "a0"))) + (chmod port #o640) + (close-port port))) + ;; Make sure the user accounting database exists. If it ;; does not exist, 'setutxent' does not create it and ;; thus there is no accounting at all. - (close-port (open-file "/var/run/utmpx" "a0")) + (ensure-file-exists "/var/run/utmpx") ;; Same for 'wtmp', which is populated by mingetty et ;; al. (mkdir-p "/var/log") - (close-port (open-file "/var/log/wtmp" "a0")) + (ensure-file-exists "/var/log/wtmp") ;; Set up /run/current-system. Among other things this ;; sets up locales, which the activation snippets diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 8d9a563e2b..e59b6fea80 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1436,10 +1436,17 @@ Service Switch}, for an example." (documentation "Run the syslog daemon (syslogd).") (provision '(syslogd)) (requirement '(user-processes)) - (start #~(make-forkexec-constructor - (list #$(syslog-configuration-syslogd config) - "--rcfile" #$(syslog-configuration-config-file config)) - #:pid-file "/var/run/syslog.pid")) + (start #~(let ((fork (make-forkexec-constructor + (list #$(syslog-configuration-syslogd config) + "--rcfile" + #$(syslog-configuration-config-file config)) + #:pid-file "/var/run/syslog.pid"))) + (lambda () + ;; Set the umask such that file permissions are #o640. + (let ((mask (umask #o137)) + (pid (fork))) + (umask mask) + pid)))) (stop #~(make-kill-destructor)))))) ;; Snippet adapted from the GNU inetutils manual. --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 06 18:07:24 2020 Received: (at 40405) by debbugs.gnu.org; 6 Apr 2020 22:07:24 +0000 Received: from localhost ([127.0.0.1]:49348 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jLZts-0000Bj-G2 for submit@debbugs.gnu.org; Mon, 06 Apr 2020 18:07:24 -0400 Received: from eggs.gnu.org ([209.51.188.92]:55629) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jLZtq-0000BJ-SW for 40405@debbugs.gnu.org; Mon, 06 Apr 2020 18:07:23 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:42129) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1jLZtl-0005Zw-3e; Mon, 06 Apr 2020 18:07:17 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=44498 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jLZtk-0007ty-Ja; Mon, 06 Apr 2020 18:07:16 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Diego Nicola Barbato Subject: Re: bug#40405: System log files are world readable References: <87v9mg1zbt.fsf@GlaDOS.home> <874ktxh99k.fsf@gnu.org> Date: Tue, 07 Apr 2020 00:07:14 +0200 In-Reply-To: <874ktxh99k.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Mon, 06 Apr 2020 00:12:39 +0200") Message-ID: <87blo4clpp.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 40405 Cc: 40405@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hi, Ludovic Court=C3=A8s skribis: > In the meantime, the patch below fixes the syslogd problem. Also > attached is a patch for the accounting database, though that one is > questionable. I pushed the syslog bits along with a test as commit d7113bb655ff80a868a9e624c913f9d23e6c63ad. (I think already world-readable files will remain world-readable though?) The main remaining issue here is log files created by =E2=80=98fork+exec-command=E2=80=99. We=E2=80=99ll have to address that in= the Shepherd proper, I think. Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 06 20:50:24 2020 Received: (at 40405) by debbugs.gnu.org; 7 Apr 2020 00:50:24 +0000 Received: from localhost ([127.0.0.1]:49392 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jLcRc-0002Vj-1L for submit@debbugs.gnu.org; Mon, 06 Apr 2020 20:50:24 -0400 Received: from imta-38.everyone.net ([216.200.145.38]:52058) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jLcRa-0002VX-El for 40405@debbugs.gnu.org; Mon, 06 Apr 2020 20:50:23 -0400 Received: from pps.filterd (omta003.sj2.proofpoint.com [127.0.0.1]) by imta-38.everyone.net (8.16.0.27/8.16.0.27) with SMTP id 0370jGni011345; Mon, 6 Apr 2020 17:50:21 -0700 X-Eon-Originating-Account: wx9o7cGQ5ErVHEIl7Fnzx21SBtbFP9u6jTRjkRnvGWw X-Eon-Dm: m0117124.ppops.net Received: by m0117124.mta.everyone.net (EON-AUTHRELAY2 - 5a81d899) id m0117124.5e67f957.2b6632; Mon, 6 Apr 2020 17:50:08 -0700 X-Eon-Sig: AQMHrIJei85AALelYQIAAAAD,dd3ea85d21b9576023b48afe7a7eb150 X-Eip: GsN9Ty_VPtYUPs6hwcAUdpB0GJ4HztS_uZenrFQuGrc Date: Tue, 7 Apr 2020 02:49:58 +0200 From: Bengt Richter To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#40405: System log files are world readable Message-ID: <20200407004958.GA8760@LionPure> References: <87v9mg1zbt.fsf@GlaDOS.home> <874ktxh99k.fsf@gnu.org> <87blo4clpp.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <87blo4clpp.fsf@gnu.org> User-Agent: Mutt/1.10.1 (2018-07-13) X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.676 definitions=2020-04-06_14:2020-04-06, 2020-04-06 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1034 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=946 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-2002250000 definitions=main-2004070005 X-Spam-Score: -0.4 (/) X-Debbugs-Envelope-To: 40405 Cc: 40405@debbugs.gnu.org, Diego Nicola Barbato X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Bengt Richter Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.4 (-) Hi Ludo, On +2020-04-07 00:07:14 +0200, Ludovic Courtès wrote: > Hi, > > Ludovic Courtès skribis: > > > In the meantime, the patch below fixes the syslogd problem. Also > > attached is a patch for the accounting database, though that one is > > questionable. > > I pushed the syslog bits along with a test as commit > d7113bb655ff80a868a9e624c913f9d23e6c63ad. (I think already > world-readable files will remain world-readable though?) > Could build daemons do some kind of maintenance rebuild to chmod them? And maybe be scheduled to monitor new files for other mistakes as well? Meanwhile, could a superuser chmod them without affecting hashes? (curious as to whether permission bits escape hashing). > The main remaining issue here is log files created by > ‘fork+exec-command’. We’ll have to address that in the Shepherd proper, > I think. > > Ludo’. > > > -- Regards, Bengt Richter From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 07 03:30:40 2020 Received: (at 40405) by debbugs.gnu.org; 7 Apr 2020 07:30:40 +0000 Received: from localhost ([127.0.0.1]:49500 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jLigy-0003Ne-2r for submit@debbugs.gnu.org; Tue, 07 Apr 2020 03:30:40 -0400 Received: from eggs.gnu.org ([209.51.188.92]:55533) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jLigw-0003NA-1a for 40405@debbugs.gnu.org; Tue, 07 Apr 2020 03:30:38 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:49721) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1jLigq-00029n-CL; Tue, 07 Apr 2020 03:30:32 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=45300 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jLigp-00023j-Nw; Tue, 07 Apr 2020 03:30:32 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Bengt Richter Subject: Re: bug#40405: System log files are world readable References: <87v9mg1zbt.fsf@GlaDOS.home> <874ktxh99k.fsf@gnu.org> <87blo4clpp.fsf@gnu.org> <20200407004958.GA8760@LionPure> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 19 Germinal an 228 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Tue, 07 Apr 2020 09:30:29 +0200 In-Reply-To: <20200407004958.GA8760@LionPure> (Bengt Richter's message of "Tue, 7 Apr 2020 02:49:58 +0200") Message-ID: <87zhbnbvmy.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 40405 Cc: 40405@debbugs.gnu.org, Diego Nicola Barbato X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hi, Bengt Richter skribis: > On +2020-04-07 00:07:14 +0200, Ludovic Court=C3=A8s wrote: >> Hi, >>=20 >> Ludovic Court=C3=A8s skribis: >>=20 >> > In the meantime, the patch below fixes the syslogd problem. Also >> > attached is a patch for the accounting database, though that one is >> > questionable. >>=20 >> I pushed the syslog bits along with a test as commit >> d7113bb655ff80a868a9e624c913f9d23e6c63ad. (I think already >> world-readable files will remain world-readable though?) >> > > Could build daemons do some kind of maintenance rebuild to chmod them? > And maybe be scheduled to monitor new files for other mistakes as well? Yes, we could do that, I just haven=E2=80=99t checked if this is necessary = or thought about how to do it. > Meanwhile, could a superuser chmod them without affecting hashes? Definitely. (There=E2=80=99s no =E2=80=9Chashing=E2=80=9D involved for /va= r/log.) Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Wed Apr 08 08:33:04 2020 Received: (at 40405) by debbugs.gnu.org; 8 Apr 2020 12:33:04 +0000 Received: from localhost ([127.0.0.1]:51497 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jM9t9-0000W2-U9 for submit@debbugs.gnu.org; Wed, 08 Apr 2020 08:33:04 -0400 Received: from mout02.posteo.de ([185.67.36.66]:54375) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jM9t7-0000VX-F4 for 40405@debbugs.gnu.org; Wed, 08 Apr 2020 08:33:02 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout02.posteo.de (Postfix) with ESMTPS id 456B32400FC for <40405@debbugs.gnu.org>; Wed, 8 Apr 2020 14:32:55 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.de; s=2017; t=1586349175; bh=20K0C4e4+iZ/Qze9iFwiiffQy8FmAmuGZDsccnLE3/A=; h=From:To:Cc:Subject:Date:From; b=VFUAYPgOjLN0qt9fTnTULLIb81QgvR/vo9zB8hSPrVEogoqoY7Mxh5wid8IOM9XWe MsTq4/K2BzJtyw2G3luv6V0BWw0jraBjcWvZ3cLnnNY1AcIijk+jblxy7z1fzGq7Yn Ht60aXnZWIz+IwV4sjreXOyCzPBa0Hhy5wyU75pdf5HVMHKQfwlQYxBb0ho44PmV9u les5NHbBAjuNRU/zBGBjGvuxJI25ZYhq9stnPOk3/LBsLyGvHABrhRIkbEMAdv+z2w BXY6uA/0/OV0L73FU9VueBy1FcW1+UFSSHR8U825kFuRW7qLFLlDiOymCRiB16JY5k 4bmYVm6gyvMvA== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 48y3Zt0tVJz9rxD; Wed, 8 Apr 2020 14:32:53 +0200 (CEST) From: Diego Nicola Barbato To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#40405: System log files are world readable References: <87v9mg1zbt.fsf@GlaDOS.home> <874ktxh99k.fsf@gnu.org> Date: Wed, 08 Apr 2020 14:32:53 +0200 In-Reply-To: <874ktxh99k.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Mon, 06 Apr 2020 00:12:39 +0200") Message-ID: <87pnciximi.fsf@GlaDOS.home> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 40405 Cc: 40405@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hey, Ludovic Court=C3=A8s writes: > Hi, > > Diego Nicola Barbato skribis: > >> On Guix System the log files (in /var/log) generated by syslogd are >> currently (commit 151f3d4) world readable. They should probably only be >> readable by root (for the same reason that dmesg can only be run by >> root). >> >> It isn't possible to set the umask with fork-exec-constructor, is it? >> Otherwise that might have been a simple solution. > > That would be a nice solution to implement in the Shepherd. If you feel > like giving it a try, that would be great! I've attached two patches for the Shepherd. The first one makes sure that 'exec-command' creates log files with mode #o640 (I thought about making it a parameter instead of hard coding it, but I doubt it would be very useful). The second one makes it possible to set the umask with 'exec-command', 'fork+exec-command', and 'make-forkexec-constructor'. I wasn't quite sure how to avoid a collision with the procedure umask (would `((@ (guile) umask) umask)' have been ok?) so I named the parameter file-creation-mask. I haven't tested the changes. What would be a straight forward way to do that on Guix? Looking at the documentation it doesn't seem possible to swap out the shepherd package of the %shepherd-root-service with 'modify-services'.=20 [...] Regards, Diego --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=0001-service-Create-log-files-as-non-world-readable.patch >From 43c9ded791ce5b480504ce3528ee34578168f90e Mon Sep 17 00:00:00 2001 From: Diego Nicola Barbato Date: Tue, 7 Apr 2020 13:58:28 +0200 Subject: [PATCH 1/2] service: Create log files as non-world-readable. * modules/shepherd/service.scm (exec-command): Create log-file with file permissions #o640. --- modules/shepherd/service.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm index fc82cc4..9a4a5d9 100644 --- a/modules/shepherd/service.scm +++ b/modules/shepherd/service.scm @@ -808,7 +808,7 @@ false." ;; Redirect stout and stderr to use LOG-FILE. (catch-system-error (close-fdes 1)) (catch-system-error (close-fdes 2)) - (dup2 (open-fdes log-file (logior O_CREAT O_WRONLY O_APPEND)) 1) + (dup2 (open-fdes log-file (logior O_CREAT O_WRONLY O_APPEND) #o640) 1) (dup2 1 2)) (lambda (key . args) (format (current-error-port) -- 2.26.0 --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=0002-service-Add-file-creation-mask-to-make-forkexec-cons.patch >From e491436967a912e6e7372f582b3bf5c9784b8209 Mon Sep 17 00:00:00 2001 From: Diego Nicola Barbato Date: Tue, 7 Apr 2020 13:38:47 +0200 Subject: [PATCH 2/2] service: Add #:file-creation-mask to 'make-forkexec-constructor'. * modules/shepherd/service.scm (exec-command): Add #:file-creation-mask parameter and honor it. (fork+exec-command): Add #:file-creation-mask parameter and pass it to exec-command. (make-forkexec-constructor): Add #:file-creation-mask parameter and pass it to fork+exec-command. * doc/shepherd.texi (Service De- and Constructors): Adjust accordingly. --- doc/shepherd.texi | 9 +++++++-- modules/shepherd/service.scm | 22 ++++++++++++++++------ 2 files changed, 23 insertions(+), 8 deletions(-) diff --git a/doc/shepherd.texi b/doc/shepherd.texi index 3e61f5d..659eb82 100644 --- a/doc/shepherd.texi +++ b/doc/shepherd.texi @@ -896,10 +896,12 @@ execution of the @var{command} was successful, @code{#t} if not. [#:pid-file #f] [#:pid-file-timeout %pid-file-timeout] @ [#:log-file #f] @ [#:directory (default-service-directory)] @ + [#:file-creation-mask #f] @ [#:environment-variables (default-environment-variables)] Return a procedure that forks a child process, closes all file descriptors except the standard output and standard error descriptors, sets -the current directory to @var{directory}, changes the environment to +the current directory to @var{directory}, sets the umask to +@var{file-creation-mask} unless it is @code{#f}, changes the environment to @var{environment-variables} (using the @code{environ} procedure), sets the current user to @var{user} and the current group to @var{group} unless they are @code{#f}, and executes @var{command} (a list of strings.) The result of @@ -935,13 +937,16 @@ procedures. [#:group #f] @ [#:log-file #f] @ [#:directory (default-service-directory)] @ + [#:file-creation-mask #f] @ [#:environment-variables (default-environment-variables)] @deffnx {procedure} fork+exec-command @var{command} @ [#:user #f] @ [#:group #f] @ [#:directory (default-service-directory)] @ + [#:file-creation-mask #f] @ [#:environment-variables (default-environment-variables)] -Run @var{command} as the current process from @var{directory}, and with +Run @var{command} as the current process from @var{directory}, with +@var{file-creation-mask} if it's true, and with @var{environment-variables} (a list of strings like @code{"PATH=/bin"}.) File descriptors 1 and 2 are kept as is or redirected to @var{log-file} if it's true, whereas file descriptor 0 diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm index 9a4a5d9..d90b55b 100644 --- a/modules/shepherd/service.scm +++ b/modules/shepherd/service.scm @@ -771,12 +771,14 @@ daemon writing FILE is running in a separate PID namespace." (group #f) (log-file #f) (directory (default-service-directory)) + (file-creation-mask #f) (environment-variables (default-environment-variables))) - "Run COMMAND as the current process from DIRECTORY, and with -ENVIRONMENT-VARIABLES (a list of strings like \"PATH=/bin\".) File -descriptors 1 and 2 are kept as is or redirected to LOG-FILE if it's true, -whereas file descriptor 0 (standard input) points to /dev/null; all other file -descriptors are closed prior to yielding control to COMMAND. + "Run COMMAND as the current process from DIRECTORY, with FILE-CREATION-MASK +if it's true, and with ENVIRONMENT-VARIABLES (a list of strings like +\"PATH=/bin\"). File descriptors 1 and 2 are kept as is or redirected to +LOG-FILE if it's true, whereas file descriptor 0 (standard input) points to +/dev/null; all other file descriptors are closed prior to yielding control to +COMMAND. By default, COMMAND is run as the current user. If the USER keyword argument is present and not false, change to USER immediately before @@ -840,6 +842,9 @@ false." (print-exception (current-error-port) #f key args) (primitive-exit 1)))) + (when file-creation-mask + (umask file-creation-mask)) + ;; As the last action, close file descriptors. Doing it last makes ;; "error in the finalization thread: Bad file descriptor" issues ;; unlikely on 2.2. @@ -871,6 +876,7 @@ false." (group #f) (log-file #f) (directory (default-service-directory)) + (file-creation-mask #f) (environment-variables (default-environment-variables))) "Spawn a process that executed COMMAND as per 'exec-command', and return @@ -886,6 +892,7 @@ its PID." #:group group #:log-file log-file #:directory directory + #:file-creation-mask file-creation-mask #:environment-variables environment-variables) pid))) @@ -903,7 +910,8 @@ its PID." (case-lambda* "Return a procedure that forks a child process, closes all file descriptors except the standard output and standard error descriptors, sets -the current directory to @var{directory}, changes the environment to +the current directory to @var{directory}, sets the umask to +@var{file-creation-mask} unless it is @code{#f}, changes the environment to @var{environment-variables} (using the @code{environ} procedure), sets the current user to @var{user} and the current group to @var{group} unless they are @code{#f}, and executes @var{command} (a list of strings.) The result of @@ -918,6 +926,7 @@ start." (user #f) (group #f) (directory (default-service-directory)) + (file-creation-mask #f) (environment-variables (default-environment-variables)) (pid-file #f) (pid-file-timeout %pid-file-timeout) @@ -944,6 +953,7 @@ start." #:group group #:log-file log-file #:directory directory + #:file-creation-mask file-creation-mask #:environment-variables environment-variables))) (if pid-file -- 2.26.0 --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Apr 08 15:49:24 2020 Received: (at 40405) by debbugs.gnu.org; 8 Apr 2020 19:49:24 +0000 Received: from localhost ([127.0.0.1]:52928 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jMGhQ-0007dS-IV for submit@debbugs.gnu.org; Wed, 08 Apr 2020 15:49:24 -0400 Received: from eggs.gnu.org ([209.51.188.92]:50369) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jMGhP-0007dE-55 for 40405@debbugs.gnu.org; Wed, 08 Apr 2020 15:49:23 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:33154) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1jMGhJ-0003Ji-VB; Wed, 08 Apr 2020 15:49:18 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=51738 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jMGhC-0002wF-C4; Wed, 08 Apr 2020 15:49:17 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Diego Nicola Barbato Subject: Re: bug#40405: System log files are world readable References: <87v9mg1zbt.fsf@GlaDOS.home> <874ktxh99k.fsf@gnu.org> <87pnciximi.fsf@GlaDOS.home> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 20 Germinal an 228 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Wed, 08 Apr 2020 21:49:08 +0200 In-Reply-To: <87pnciximi.fsf@GlaDOS.home> (Diego Nicola Barbato's message of "Wed, 08 Apr 2020 14:32:53 +0200") Message-ID: <877dyp69mz.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 40405 Cc: 40405@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Diego Nicola Barbato skribis: > Ludovic Court=C3=A8s writes: > >> Hi, >> >> Diego Nicola Barbato skribis: >> >>> On Guix System the log files (in /var/log) generated by syslogd are >>> currently (commit 151f3d4) world readable. They should probably only be >>> readable by root (for the same reason that dmesg can only be run by >>> root). >>> >>> It isn't possible to set the umask with fork-exec-constructor, is it? >>> Otherwise that might have been a simple solution. >> >> That would be a nice solution to implement in the Shepherd. If you feel >> like giving it a try, that would be great! > > I've attached two patches for the Shepherd. The first one makes sure > that 'exec-command' creates log files with mode #o640 (I thought about > making it a parameter instead of hard coding it, but I doubt it would be > very useful). The second one makes it possible to set the umask with > 'exec-command', 'fork+exec-command', and 'make-forkexec-constructor'. I > wasn't quite sure how to avoid a collision with the procedure umask > (would `((@ (guile) umask) umask)' have been ok?) so I named the > parameter file-creation-mask. Sounds good to me. > I haven't tested the changes. What would be a straight forward way to > do that on Guix? Looking at the documentation it doesn't seem possible > to swap out the shepherd package of the %shepherd-root-service with > 'modify-services'.=20 Both patches LGTM, but you could add a couple of tests in the Shepherd itself before testing it on Guix. The tests/*.sh are simple shell scripts. You could perhaps create a new one there, run shepherd with a toy service that uses #:log-file and creates files, and then ensure that the log file is #o640 and that #:file-creation-mask is honored. Does that make sense? Then, to test it on Guix, you can run =E2=80=9Cmake dist=E2=80=9D in the Sh= epherd and change the =E2=80=98shepherd=E2=80=99 package so that its =E2=80=98source= =E2=80=99 points to that tarball. You run =E2=80=98guix system vm gnu/system/examples/bare-bones.tm= pl=E2=80=99, boot that, and ensure everything=E2=80=99s OK. Thanks! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Sun Apr 19 10:28:35 2020 Received: (at 40405-done) by debbugs.gnu.org; 19 Apr 2020 14:28:36 +0000 Received: from localhost ([127.0.0.1]:45658 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jQAvz-0001bI-Md for submit@debbugs.gnu.org; Sun, 19 Apr 2020 10:28:35 -0400 Received: from eggs.gnu.org ([209.51.188.92]:42754) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jQAvx-0001b6-Jv for 40405-done@debbugs.gnu.org; Sun, 19 Apr 2020 10:28:34 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:52086) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jQAvr-0000Ji-F3; Sun, 19 Apr 2020 10:28:27 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=58364 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jQAvp-0001ST-Tj; Sun, 19 Apr 2020 10:28:26 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Diego Nicola Barbato Subject: Re: bug#40405: System log files are world readable References: <87v9mg1zbt.fsf@GlaDOS.home> <874ktxh99k.fsf@gnu.org> <87pnciximi.fsf@GlaDOS.home> Date: Sun, 19 Apr 2020 16:28:24 +0200 In-Reply-To: <87pnciximi.fsf@GlaDOS.home> (Diego Nicola Barbato's message of "Wed, 08 Apr 2020 14:32:53 +0200") Message-ID: <87a73735yv.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 40405-done Cc: 40405-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hi Diego, Diego Nicola Barbato skribis: >>>From 43c9ded791ce5b480504ce3528ee34578168f90e Mon Sep 17 00:00:00 2001 > From: Diego Nicola Barbato > Date: Tue, 7 Apr 2020 13:58:28 +0200 > Subject: [PATCH 1/2] service: Create log files as non-world-readable. > > * modules/shepherd/service.scm (exec-command): Create log-file with file > permissions #o640. [...] >>>From e491436967a912e6e7372f582b3bf5c9784b8209 Mon Sep 17 00:00:00 2001 > From: Diego Nicola Barbato > Date: Tue, 7 Apr 2020 13:38:47 +0200 > Subject: [PATCH 2/2] service: Add #:file-creation-mask to > 'make-forkexec-constructor'. > > * modules/shepherd/service.scm (exec-command): Add #:file-creation-mask > parameter and honor it. > (fork+exec-command): Add #:file-creation-mask parameter and pass it to > exec-command. > (make-forkexec-constructor): Add #:file-creation-mask parameter and pas= s it > to fork+exec-command. > * doc/shepherd.texi (Service De- and Constructors): Adjust accordingly. I went ahead and pushed these two patches. We=E2=80=99ll need to test current Shepherd master on Guix, but I feel we= =E2=80=99ve accumulated enough improvements for a 0.7.1 release. Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Wed Apr 22 16:04:34 2020 Received: (at 40405-done) by debbugs.gnu.org; 22 Apr 2020 20:04:34 +0000 Received: from localhost ([127.0.0.1]:53386 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jRLbl-0006wa-NW for submit@debbugs.gnu.org; Wed, 22 Apr 2020 16:04:34 -0400 Received: from eggs.gnu.org ([209.51.188.92]:59378) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jRLbj-0006wH-6k for 40405-done@debbugs.gnu.org; Wed, 22 Apr 2020 16:04:32 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:35812) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jRLbd-0008Na-Vp; Wed, 22 Apr 2020 16:04:26 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=53002 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jRLbd-0005Lm-Fb; Wed, 22 Apr 2020 16:04:25 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: 40405-done@debbugs.gnu.org Subject: Re: bug#40405: System log files are world readable References: <87v9mg1zbt.fsf@GlaDOS.home> <874ktxh99k.fsf@gnu.org> <87pnciximi.fsf@GlaDOS.home> <87a73735yv.fsf@gnu.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 4 =?utf-8?Q?Flor=C3=A9al?= an 228 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Wed, 22 Apr 2020 22:04:23 +0200 In-Reply-To: <87a73735yv.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Sun, 19 Apr 2020 16:28:24 +0200") Message-ID: <878sinthh4.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 40405-done Cc: dnbarbato@posteo.de X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hi, Ludovic Court=C3=A8s skribis: > Diego Nicola Barbato skribis: > >>>>From 43c9ded791ce5b480504ce3528ee34578168f90e Mon Sep 17 00:00:00 2001 >> From: Diego Nicola Barbato >> Date: Tue, 7 Apr 2020 13:58:28 +0200 >> Subject: [PATCH 1/2] service: Create log files as non-world-readable. >> >> * modules/shepherd/service.scm (exec-command): Create log-file with file >> permissions #o640. > > [...] > >>>>From e491436967a912e6e7372f582b3bf5c9784b8209 Mon Sep 17 00:00:00 2001 >> From: Diego Nicola Barbato >> Date: Tue, 7 Apr 2020 13:38:47 +0200 >> Subject: [PATCH 2/2] service: Add #:file-creation-mask to >> 'make-forkexec-constructor'. >> >> * modules/shepherd/service.scm (exec-command): Add #:file-creation-mask >> parameter and honor it. >> (fork+exec-command): Add #:file-creation-mask parameter and pass it to >> exec-command. >> (make-forkexec-constructor): Add #:file-creation-mask parameter and pa= ss it >> to fork+exec-command. >> * doc/shepherd.texi (Service De- and Constructors): Adjust accordingly. > > I went ahead and pushed these two patches. These patches are in Shepherd 0.8.0, which was pushed in Guix master commit e3358a831e7d5d9e8dc614340e49ea5aeb11a7ff, so we=E2=80=99re done! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 28 09:11:57 2020 Received: (at 40405-done) by debbugs.gnu.org; 28 Apr 2020 13:11:57 +0000 Received: from localhost ([127.0.0.1]:39313 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jTQ1k-0000Gx-SH for submit@debbugs.gnu.org; Tue, 28 Apr 2020 09:11:57 -0400 Received: from mout01.posteo.de ([185.67.36.65]:39258) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jTQ1j-0000Gi-3h for 40405-done@debbugs.gnu.org; Tue, 28 Apr 2020 09:11:55 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout01.posteo.de (Postfix) with ESMTPS id 707AE16005C for <40405-done@debbugs.gnu.org>; Tue, 28 Apr 2020 15:11:48 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.de; s=2017; t=1588079508; bh=uTl81+A2jFM3OuIzLCJg/xbhPm65THu+f3SyJJFQxpw=; h=From:To:Cc:Subject:Date:From; b=A99afkVANCNjM48JqQW6wyqEcKp5mRu2Wad/A8VdAy0GdOjyHQUK7gRgbgacrtPpt /D24jiFljwbzpcASW59vD4C4i73ZOqNHUeEqDgbEVRP8xoBRA32lfnNhFthGqN+qwk iExy6yXY5Y+qX8XzQwtMxBiONG1X2K1wUHTG/bFOBlJMgsm+Tqy1g2QP2sxflENclE h3Uz5i4bQlKCxy7JvFNBi9DRtuvMurqTbn1W0uSfcZ8dSf3peMoFCkKxDkDPiDztbF n8FzCkCe4uSjIKQ8DM6IHltFCelsK5CKA5JY1/074FP/Lcw7dCkG5f+SskmaWSz87b XgtA5uOvvwrow== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 49BMVW4fmsz9rxN; Tue, 28 Apr 2020 15:11:47 +0200 (CEST) From: Diego Nicola Barbato To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#40405: System log files are world readable References: <87v9mg1zbt.fsf@GlaDOS.home> <874ktxh99k.fsf@gnu.org> <87pnciximi.fsf@GlaDOS.home> <87a73735yv.fsf@gnu.org> <878sinthh4.fsf@gnu.org> Date: Tue, 28 Apr 2020 15:11:47 +0200 In-Reply-To: <878sinthh4.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Wed, 22 Apr 2020 22:04:23 +0200") Message-ID: <87y2qfhi0c.fsf@GlaDOS.home> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 40405-done Cc: 40405-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi, Ludovic Court=C3=A8s writes: > Hi, > > Ludovic Court=C3=A8s skribis: > >> Diego Nicola Barbato skribis: >> >>>>>From 43c9ded791ce5b480504ce3528ee34578168f90e Mon Sep 17 00:00:00 2001 >>> From: Diego Nicola Barbato >>> Date: Tue, 7 Apr 2020 13:58:28 +0200 >>> Subject: [PATCH 1/2] service: Create log files as non-world-readable. >>> >>> * modules/shepherd/service.scm (exec-command): Create log-file with file >>> permissions #o640. >> >> [...] >> >>>>>From e491436967a912e6e7372f582b3bf5c9784b8209 Mon Sep 17 00:00:00 2001 >>> From: Diego Nicola Barbato >>> Date: Tue, 7 Apr 2020 13:38:47 +0200 >>> Subject: [PATCH 2/2] service: Add #:file-creation-mask to >>> 'make-forkexec-constructor'. >>> >>> * modules/shepherd/service.scm (exec-command): Add #:file-creation-mask >>> parameter and honor it. >>> (fork+exec-command): Add #:file-creation-mask parameter and pass it to >>> exec-command. >>> (make-forkexec-constructor): Add #:file-creation-mask parameter and p= ass it >>> to fork+exec-command. >>> * doc/shepherd.texi (Service De- and Constructors): Adjust accordingly. >> >> I went ahead and pushed these two patches. > > These patches are in Shepherd 0.8.0, which was pushed in Guix master > commit e3358a831e7d5d9e8dc614340e49ea5aeb11a7ff, so we=E2=80=99re done! Great! Now we can simplify the 'start' method of 'syslogd-service-type'. I did eventually write a test script, which I've attached in case we want to add it to the Shepherd. I'm sorry it took so long that I missed the new Shepherd release. Regards, Diego --=-=-= Content-Type: text/x-patch; charset=utf-8 Content-Disposition: inline; filename=0001-tests-Test-file-creation-mask-option-of-make-forkexe.patch Content-Transfer-Encoding: quoted-printable >From 2e7a0795b3a7080376238ab604c50d2c180f8730 Mon Sep 17 00:00:00 2001 From: Diego Nicola Barbato Date: Mon, 27 Apr 2020 16:57:36 +0200 Subject: [PATCH] tests: Test #:file-creation-mask option of 'make-forkexec-constructor'. * tests/file-creation-mask.sh: New file. --- tests/file-creation-mask.sh | 79 +++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 tests/file-creation-mask.sh diff --git a/tests/file-creation-mask.sh b/tests/file-creation-mask.sh new file mode 100644 index 0000000..9f5f10a --- /dev/null +++ b/tests/file-creation-mask.sh @@ -0,0 +1,79 @@ +# GNU Shepherd --- Test the #:file-creation-mask option of 'make-forkexec-= constructor'. +# Copyright =C2=A9 2020 Diego N. Barbato +# +# This file is part of the GNU Shepherd. +# +# The GNU Shepherd is free software; you can redistribute it and/or modify= it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# The GNU Shepherd is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with the GNU Shepherd. If not, see . + +shepherd --version +herd --version + +socket=3D"t-socket-$$" +conf=3D"t-conf-$$" +log=3D"t-log-$$" +pid=3D"t-pid-$$" +service_log=3D"t-service-log-$$" +service_new_file=3D"t-service-new-file-$$" + +herd=3D"herd -s $socket" + +trap "cat $log || true; + rm -f $socket $conf $log $service_log $service_new_file; + test -f $pid && kill \`cat $pid\` || true; rm -f $pid" EXIT + +function wait_for_file +{ + i=3D0 + while ! test -f "$1" && test $i -lt 20 + do + sleep 0.3 + i=3D`expr $i + 1` + done + test -f "$1" +} + +cat > "$conf"< + #:provides '(test) + #:start (make-forkexec-constructor %command + #:log-file "$PWD/$service_log" + ;; Set the umask such that file + ;; permissions are #o600. + #:file-creation-mask #o177) + #:stop (make-kill-destructor) + #:respawn? #f)) +EOF + +rm -f "$pid" +shepherd -I -s "$socket" -c "$conf" -l "$log" --pid=3D"$pid" & + +# Wait till it's ready. +wait_for_file "$pid" + +# Start the service. +$herd start test + +# Make sure the log file is created with the right permissions independent= ly +# of the value of #:file-creation-mask. +wait_for_file "$service_log" +test `stat -c %a "$service_log"` -eq 640 + +# Make sure the service creates files with the right permissions as determ= ined +# by the value of #:file-creation-mask. +wait_for_file "$service_new_file" +test `stat -c %a "$service_new_file"` -eq 600 --=20 2.26.0 --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 28 16:57:49 2020 Received: (at 40405-done) by debbugs.gnu.org; 28 Apr 2020 20:57:49 +0000 Received: from localhost ([127.0.0.1]:41745 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jTXIb-0004Cb-Ej for submit@debbugs.gnu.org; Tue, 28 Apr 2020 16:57:49 -0400 Received: from eggs.gnu.org ([209.51.188.92]:41386) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jTXIZ-0004CM-Gk for 40405-done@debbugs.gnu.org; Tue, 28 Apr 2020 16:57:47 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:40722) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jTXIU-0000bR-5W; Tue, 28 Apr 2020 16:57:42 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=58786 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jTXIS-0002Zm-W9; Tue, 28 Apr 2020 16:57:41 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Diego Nicola Barbato Subject: Re: bug#40405: System log files are world readable References: <87v9mg1zbt.fsf@GlaDOS.home> <874ktxh99k.fsf@gnu.org> <87pnciximi.fsf@GlaDOS.home> <87a73735yv.fsf@gnu.org> <878sinthh4.fsf@gnu.org> <87y2qfhi0c.fsf@GlaDOS.home> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 10 =?utf-8?Q?Flor=C3=A9al?= an 228 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Tue, 28 Apr 2020 22:57:38 +0200 In-Reply-To: <87y2qfhi0c.fsf@GlaDOS.home> (Diego Nicola Barbato's message of "Tue, 28 Apr 2020 15:11:47 +0200") Message-ID: <87h7x3tjjx.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 40405-done Cc: 40405-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hello, Diego Nicola Barbato skribis: > Great! Now we can simplify the 'start' method of > 'syslogd-service-type'. Oh right, do you want to take care of it? > I did eventually write a test script, which I've attached in case we > want to add it to the Shepherd. I'm sorry it took so long that I missed > the new Shepherd release. No problem. I figured it was okay to add it without a test, but having a test is always better so I=E2=80=99ve happily pushed your patch. Thank y= ou! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Wed Apr 29 06:02:18 2020 Received: (at 40405) by debbugs.gnu.org; 29 Apr 2020 10:02:18 +0000 Received: from localhost ([127.0.0.1]:42463 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jTjXl-00071f-Qe for submit@debbugs.gnu.org; Wed, 29 Apr 2020 06:02:18 -0400 Received: from mout02.posteo.de ([185.67.36.66]:46153) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jTjXj-00071R-Rp for 40405@debbugs.gnu.org; Wed, 29 Apr 2020 06:02:16 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout02.posteo.de (Postfix) with ESMTPS id 1AE77240102 for <40405@debbugs.gnu.org>; Wed, 29 Apr 2020 12:02:08 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.de; s=2017; t=1588154529; bh=uddrkcAK7rGag9L1P9/nEphryuHxJByKXHeBvca1gjw=; h=From:To:Cc:Subject:Date:From; b=OTwymkBYeBtlqhTkMEQchxy4yMw9J1UWfFq278Z/thFJucnn6s42Lxzp6/3faE7xJ QvymuZpLQPmnvn22/r17quIHhFyc+EZolKp379Y5fIxVe1haO+s3zLYNI0GPOKuxZi 0kc55wYvBzhBnO3YjbPE7KxOdOUJX7uBnhTwVs0xmwsAEy/47m56zHaqOsSwx+Pk4U JslE8Ao6fGaopSoE6CcpqcDbWtqLRwMcX8zBmy2gDgUHg8nNEWR3cvwW/DUicvl5ct gyfo6tbuMQ07BSun4ZtnfasJHVSvResLc0gySSijnb2kMOicMgO2Ag3zOL96PQDWtQ ntIfJop1Jhs8g== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 49BvFB15Xrz6tmJ; Wed, 29 Apr 2020 12:02:06 +0200 (CEST) From: Diego Nicola Barbato To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#40405: System log files are world readable References: <87v9mg1zbt.fsf@GlaDOS.home> <874ktxh99k.fsf@gnu.org> <87pnciximi.fsf@GlaDOS.home> <87a73735yv.fsf@gnu.org> <878sinthh4.fsf@gnu.org> <87y2qfhi0c.fsf@GlaDOS.home> <87h7x3tjjx.fsf@gnu.org> Date: Wed, 29 Apr 2020 12:02:05 +0200 In-Reply-To: <87h7x3tjjx.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Tue, 28 Apr 2020 22:57:38 +0200") Message-ID: <87d07qhaoy.fsf@GlaDOS.home> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 40405 Cc: 40405@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi, Ludovic Court=C3=A8s writes: > Hello, > > Diego Nicola Barbato skribis: > >> Great! Now we can simplify the 'start' method of >> 'syslogd-service-type'. > > Oh right, do you want to take care of it? I already did: https://debbugs.gnu.org/40937 [...] Regards, Diego From unknown Sun Aug 10 09:47:22 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Wed, 27 May 2020 11:24:05 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator