GNU bug report logs - #40405
System log files are world readable

Previous Next

Package: guix;

Reported by: Diego Nicola Barbato <dnbarbato <at> posteo.de>

Date: Fri, 3 Apr 2020 13:20:02 UTC

Severity: normal

Tags: security

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #28 received at 40405 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Diego Nicola Barbato <dnbarbato <at> posteo.de>
Cc: 40405 <at> debbugs.gnu.org
Subject: Re: bug#40405: System log files are world readable
Date: Wed, 08 Apr 2020 21:49:08 +0200

Diego Nicola Barbato <dnbarbato <at> posteo.de> skribis:

> Ludovic Courtès <ludo <at> gnu.org> writes:
>
>> Hi,
>>
>> Diego Nicola Barbato <dnbarbato <at> posteo.de> skribis:
>>
>>> On Guix System the log files (in /var/log) generated by syslogd are
>>> currently (commit 151f3d4) world readable.  They should probably only be
>>> readable by root (for the same reason that dmesg can only be run by
>>> root).
>>>
>>> It isn't possible to set the umask with fork-exec-constructor, is it?
>>> Otherwise that might have been a simple solution.
>>
>> That would be a nice solution to implement in the Shepherd.  If you feel
>> like giving it a try, that would be great!
>
> I've attached two patches for the Shepherd.  The first one makes sure
> that 'exec-command' creates log files with mode #o640 (I thought about
> making it a parameter instead of hard coding it, but I doubt it would be
> very useful).  The second one makes it possible to set the umask with
> 'exec-command', 'fork+exec-command', and 'make-forkexec-constructor'.  I
> wasn't quite sure how to avoid a collision with the procedure umask
> (would `((@ (guile) umask) umask)' have been ok?) so I named the
> parameter file-creation-mask.

Sounds good to me.

> I haven't tested the changes.  What would be a straight forward way to
> do that on Guix?  Looking at the documentation it doesn't seem possible
> to swap out the shepherd package of the %shepherd-root-service with
> 'modify-services'. 

Both patches LGTM, but you could add a couple of tests in the Shepherd
itself before testing it on Guix.

The tests/*.sh are simple shell scripts.  You could perhaps create a new
one there, run shepherd with a toy service that uses #:log-file and
creates files, and then ensure that the log file is #o640 and that
#:file-creation-mask is honored.

Does that make sense?

Then, to test it on Guix, you can run “make dist” in the Shepherd and
change the ‘shepherd’ package so that its ‘source’ points to that
tarball.  You run ‘guix system vm gnu/system/examples/bare-bones.tmpl’,
boot that, and ensure everything’s OK.

Thanks!

Ludo’.
This bug report was last modified 5 years and 75 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.