GNU bug report logs - #57363
[PATCH 0/1] Set #o640 permissions for log file of shepherd service in container.


Package: guix-patches;

Reported by: Arun Isaac <arunisaac <at> systemreboot.net>

Date: Tue, 23 Aug 2022 17:32:02 UTC

Severity: normal

Tags: patch

Done: Arun Isaac <arunisaac <at> systemreboot.net>

Bug is archived. No further changes may be made.



Message #11 received at 57363 <at> debbugs.gnu.org (full text, mbox):

From: Maxime Devos <maximedevos <at> telenet.be>
To: Arun Isaac <arunisaac <at> systemreboot.net>, 57363 <at> debbugs.gnu.org
Cc: Ludovic Courtès <ludo <at> gnu.org>
Subject: Re: [bug#57363] [PATCH 0/1] Set #o640 permissions for log file of
 shepherd service in container.
Date: Fri, 26 Aug 2022 16:48:40 +0200
On 23-08-2022 19:31, Arun Isaac wrote:

> However, when a shepherd service is run using
> make-forkexec-constructor/container, the log file has #o644 permissions. This
> patch corrects that.

There is a small window during which the log file has overly-wide 
permissions, which IIUC makes the log openable when it shouldn't, which 
could later be exploited (after the daemon has been running for a while) 
to extract anything secret written to the log by the service.

Try using (close (open log-file (logior O_CREAT O_APPEND O_CLOEXEC) 
#o600)) instead, that should make things atomic.

I do not know if clearing the log file is desired -- if so, remove 
O_APPEND, if not, keep O_APPEND.

Maybe O_RDONLY or O_WRONLY or O_RDWR needs to be added to make the call 
to 'open' succeed.

Greetings,
Maxime
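
The window described in the message above, shown at the open(2) level in C as an added example (not code from the patch, Guix or the Shepherd). `open_log`, `run_demo` and the temporary path are hypothetical names. It goes slightly beyond the message by also covering a log file that already exists, in which case open(2) does not apply its mode argument.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Opens (creating if needed) a log with create_mode, stores in *exposed the
   permission bits the file had right after open(2), then removes any bits
   outside final_mode with fchmod. Returns the final bits, or -1 on error. */
int open_log(const char *path, mode_t create_mode, mode_t final_mode, int *exposed)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_CLOEXEC, create_mode);
    if (fd < 0) return -1;
    int ok = fstat(fd, &st) == 0;
    *exposed = ok ? (int)(st.st_mode & 07777) : -1;
    if (ok && (st.st_mode & 07777 & ~final_mode) != 0)   /* too wide: tighten */
        ok = fchmod(fd, final_mode) == 0 && fstat(fd, &st) == 0;
    close(fd);
    return ok ? (int)(st.st_mode & 07777) : -1;
}

struct result { int racy, atomic, leftover, leftover_final; };

/* Constructed scenario: fresh temporary directory, umask 022, target #o640. */
struct result run_demo(void)
{
    struct result r = { -1, -1, -1, -1 };
    char dir[] = "/tmp/logmode-XXXXXX", path[64];
    if (!mkdtemp(dir)) return r;
    umask(022);
    snprintf(path, sizeof path, "%s/service.log", dir);
    open_log(path, 0666, 0640, &r.racy);      /* default mode, chmod afterwards */
    unlink(path);
    open_log(path, 0640, 0640, &r.atomic);    /* final mode given to open(2) */
    chmod(path, 0644);                        /* simulate a pre-existing wide log */
    r.leftover_final = open_log(path, 0640, 0640, &r.leftover);
    unlink(path);
    rmdir(dir);
    return r;
}

int main(void)
{
    struct result r = run_demo();
    printf("racy=%o atomic=%o leftover=%o -> %o\n",
           r.racy, r.atomic, r.leftover, r.leftover_final);
    return 0;
}
```

The `racy` and `leftover` values are the permissions another local process could have used to obtain a descriptor before the mode was tightened; a descriptor opened in that window stays valid after the later chmod.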


This bug report was last modified 2 years and 321 days ago.
