GNU bug report logs - #40405
System log files are world readable

Package: guix

Reported by: Diego Nicola Barbato <dnbarbato <at> posteo.de>

Date: Fri, 3 Apr 2020 13:20:02 UTC

Severity: normal

Tags: security

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

From: Bengt Richter <bokr <at> bokr.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 40405 <at> debbugs.gnu.org, Diego Nicola Barbato <dnbarbato <at> posteo.de>
Subject: bug#40405: System log files are world readable
Date: Tue, 7 Apr 2020 02:49:58 +0200

Hi Ludo,

On +2020-04-07 00:07:14 +0200, Ludovic Courtès wrote:
> Hi,
> 
> Ludovic Courtès <ludo <at> gnu.org> skribis:
> 
> > In the meantime, the patch below fixes the syslogd problem.  Also
> > attached is a patch for the accounting database, though that one is
> > questionable.
> 
> I pushed the syslog bits along with a test as commit
> d7113bb655ff80a868a9e624c913f9d23e6c63ad.  (I think already
> world-readable files will remain world-readable though?)
>

Could build daemons do some kind of maintenance rebuild to chmod them?
And maybe be scheduled to monitor new files for other mistakes as well?

Meanwhile, could a superuser chmod them without affecting hashes?
(curious as to whether permission bits escape hashing).

> The main remaining issue here is log files created by
> ‘fork+exec-command’.  We’ll have to address that in the Shepherd proper,
> I think.
> 
> Ludo’.
> 
> 
> 

-- 
Regards,
Bengt Richter
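
The thread notes that log files which were already world-readable stay that way after the syslogd fix. The following is an added shell example, not part of the original message and not Guix or Shepherd code, that lists such files and strips their "other" permission bits; the `/var/log` default and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a log directory for files readable by "other".
# The /var/log default is an assumption; pass the directory your system uses.

# Print every regular file under $1 that has the other-read bit (004) set.
list_world_readable() {
    find "$1" -xdev -type f -perm -004 -print
}

# Remove all "other" permission bits from those files and print each one
# that was changed. Owner and group bits are untouched: 644 becomes 640.
fix_world_readable() {
    find "$1" -xdev -type f -perm -004 -exec chmod o-rwx {} \; -print
}

# Print the number of remaining offenders and return non-zero if there are
# any, so the function can be used as a periodic check.
check_world_readable() {
    n=$(list_world_readable "$1" | wc -l)
    echo "$n"
    [ "$n" -eq 0 ]
}

# Stand-alone use: script --list|--fix|--check [DIR]
case "${1:-}" in
    --list)  list_world_readable  "${2:-/var/log}" ;;
    --fix)   fix_world_readable   "${2:-/var/log}" ;;
    --check) check_world_readable "${2:-/var/log}" ;;
esac
```

A daemon that keeps creating its log with a permissive mode will undo the result on the next rotation, so `--check` is worth repeating after the fix.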




This bug report was last modified 5 years and 75 days ago.
