GNU bug report logs - #40405
System log files are world readable

Package: guix

Reported by: Diego Nicola Barbato <dnbarbato <at> posteo.de>

Date: Fri, 3 Apr 2020 13:20:02 UTC

Severity: normal

Tags: security

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

From: Ludovic Courtès <ludo <at> gnu.org>
To: Bengt Richter <bokr <at> bokr.com>
Cc: 40405 <at> debbugs.gnu.org, Diego Nicola Barbato <dnbarbato <at> posteo.de>
Subject: bug#40405: System log files are world readable
Date: Tue, 07 Apr 2020 09:30:29 +0200
Hi,

Bengt Richter <bokr <at> bokr.com> wrote:

> On +2020-04-07 00:07:14 +0200, Ludovic Courtès wrote:
>> Hi,
>> 
>> Ludovic Courtès <ludo <at> gnu.org> wrote:
>> 
>> > In the meantime, the patch below fixes the syslogd problem.  Also
>> > attached is a patch for the accounting database, though that one is
>> > questionable.
>> 
>> I pushed the syslog bits along with a test as commit
>> d7113bb655ff80a868a9e624c913f9d23e6c63ad.  (I think already
>> world-readable files will remain world-readable though?)
>>
>
> Could build daemons do some kind of maintenance rebuild to chmod them?
> And maybe be scheduled to monitor new files for other mistakes as well?

Yes, we could do that, I just haven’t checked if this is necessary or
thought about how to do it.

> Meanwhile, could a superuser chmod them without affecting hashes?

Definitely.  (There’s no “hashing” involved for /var/log.)

Ludo’.
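
The manual cleanup discussed in this message (a superuser tightening permissions on log files that were created world-readable before the fix), as an added example that is not part of the thread or of Guix's own code. The function names are hypothetical; `/var/log` is the only path taken from the thread.

```shell
#!/bin/sh
# Added example: audit and tighten world-readable files under a log directory.
# Function names are hypothetical; /var/log is the path named in the thread.

# Print every regular file under directory $1 that "other" can read.
# -xdev stays on one filesystem; -type f skips symlinks and directories.
list_world_readable() {
    find "$1" -xdev -type f -perm -o=r -print
}

# Count those files without parsing file names (safe with odd characters).
count_world_readable() {
    find "$1" -xdev -type f -perm -o=r -exec printf x \; | wc -c | tr -d ' '
}

# Remove all "other" permission bits from those files and print each one
# changed. Owner and group bits are left exactly as they were.
restrict_world_readable() {
    find "$1" -xdev -type f -perm -o=r -exec chmod o-rwx {} \; -print
}

# Usage: sh script.sh audit [DIR]   list world-readable files
#        sh script.sh fix   [DIR]   strip "other" bits (run as root for /var/log)
case "${1:-}" in
    audit) list_world_readable "${2:-/var/log}" ;;
    fix)   restrict_world_readable "${2:-/var/log}" ;;
esac
```

Running `audit` again after `fix` should print nothing; files created later depend on the logging daemon's own umask, which this script does not change.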




This bug report was last modified 5 years and 76 days ago.