GNU bug report logs - #40405
System log files are world readable


Package: guix

Reported by: Diego Nicola Barbato <dnbarbato <at> posteo.de>

Date: Fri, 3 Apr 2020 13:20:02 UTC

Severity: normal

Tags: security

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Diego Nicola Barbato <dnbarbato <at> posteo.de>
Subject: bug#40405: closed (Re: bug#40405: System log files are world
 readable)
Date: Sun, 19 Apr 2020 14:29:01 +0000
[Message part 1 (text/plain, inline)]
Your bug report

#40405: System log files are world readable

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 40405 <at> debbugs.gnu.org.

-- 
40405: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=40405
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: Diego Nicola Barbato <dnbarbato <at> posteo.de>
Cc: 40405-done <at> debbugs.gnu.org
Subject: Re: bug#40405: System log files are world readable
Date: Sun, 19 Apr 2020 16:28:24 +0200
Hi Diego,

Diego Nicola Barbato <dnbarbato <at> posteo.de> writes:

> From 43c9ded791ce5b480504ce3528ee34578168f90e Mon Sep 17 00:00:00 2001
> From: Diego Nicola Barbato <dnbarbato <at> posteo.de>
> Date: Tue, 7 Apr 2020 13:58:28 +0200
> Subject: [PATCH 1/2] service: Create log files as non-world-readable.
>
> * modules/shepherd/service.scm (exec-command): Create log-file with file
>   permissions #o640.

[...]

> From e491436967a912e6e7372f582b3bf5c9784b8209 Mon Sep 17 00:00:00 2001
> From: Diego Nicola Barbato <dnbarbato <at> posteo.de>
> Date: Tue, 7 Apr 2020 13:38:47 +0200
> Subject: [PATCH 2/2] service: Add #:file-creation-mask to
>  'make-forkexec-constructor'.
>
> * modules/shepherd/service.scm (exec-command): Add #:file-creation-mask
>   parameter and honor it.
>   (fork+exec-command): Add #:file-creation-mask parameter and pass it to
>   exec-command.
>   (make-forkexec-constructor): Add #:file-creation-mask parameter and pass it
>   to fork+exec-command.
> * doc/shepherd.texi (Service De- and Constructors): Adjust accordingly.

I went ahead and pushed these two patches.

We’ll need to test current Shepherd master on Guix, but I feel we’ve
accumulated enough improvements for a 0.7.1 release.

Thanks,
Ludo’.

[Message part 3 (message/rfc822, inline)]
From: Diego Nicola Barbato <dnbarbato <at> posteo.de>
To: bug-guix <at> gnu.org
Subject: System log files are world readable
Date: Fri, 03 Apr 2020 15:19:34 +0200
Hey Guix,

On Guix System the log files (in /var/log) generated by syslogd are
currently (commit 151f3d4) world readable.  They should probably only be
readable by root (for the same reason that dmesg can only be run by
root).

It isn't possible to set the umask with fork-exec-constructor, is it?
Otherwise that might have been a simple solution.

Regards,

Diego
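
The two approaches named in this thread (an explicit #o640 creation mode for the log file, and a file creation mask for the forked service) can be compared directly. The following is an added Python example, not part of the thread or of Shepherd's code; the file names, the 0666 default mode and the mask values are constructed for illustration.

```python
import os
import stat
import tempfile


def create_log(path, mode, mask):
    """Create `path` as a freshly forked daemon would: the process umask is
    `mask` and the file is opened with O_CREAT and the requested `mode`.
    Returns the permission bits the kernel actually applied (mode & ~mask)."""
    old = os.umask(mask)
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
        os.close(fd)
    finally:
        os.umask(old)  # umask is process-wide, so always restore it
    return stat.S_IMODE(os.stat(path).st_mode)


def world_readable(directory):
    """Return sorted relative paths of regular files readable by 'other'."""
    hits = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            st = os.lstat(full)
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
                hits.append(os.path.relpath(full, directory))
    return sorted(hits)


def demo():
    """Build three constructed log files and audit the directory."""
    with tempfile.TemporaryDirectory() as d:
        results = {
            # Constructed case: mode 0666 requested under umask 022.
            "messages": create_log(os.path.join(d, "messages"), 0o666, 0o022),
            # Idea of patch 1/2: request 0640 explicitly at creation time.
            "service.log": create_log(os.path.join(d, "service.log"), 0o640, 0o022),
            # Idea of patch 2/2: a restrictive mask covers files the
            # daemon itself opens, whatever mode it asks for.
            "secure": create_log(os.path.join(d, "secure"), 0o666, 0o077),
        }
        return results, world_readable(d)


if __name__ == "__main__":
    modes, exposed = demo()
    print({name: oct(m) for name, m in modes.items()}, exposed)
```

Pointing `world_readable` at a real log directory gives a quick audit of which files remain readable by unprivileged users.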



This bug report was last modified 5 years and 75 days ago.
