GNU bug report logs

#40405 System log files are world readable

PackageSource(s)Maintainer(s)
guix PTS Buildd Popcon
Full log

Message #19 received at 40405@debbugs.gnu.org (full text, mbox, reply):

Received: (at 40405) by debbugs.gnu.org; 7 Apr 2020 00:50:24 +0000
From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 06 20:50:24 2020
Received: from localhost ([127.0.0.1]:49392 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1jLcRc-0002Vj-1L
	for submit@debbugs.gnu.org; Mon, 06 Apr 2020 20:50:24 -0400
Received: from imta-38.everyone.net ([216.200.145.38]:52058)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <bokr@oz.net>) id 1jLcRa-0002VX-El
 for 40405@debbugs.gnu.org; Mon, 06 Apr 2020 20:50:23 -0400
Received: from pps.filterd (omta003.sj2.proofpoint.com [127.0.0.1])
 by imta-38.everyone.net (8.16.0.27/8.16.0.27) with SMTP id 0370jGni011345;
 Mon, 6 Apr 2020 17:50:21 -0700
X-Eon-Originating-Account: wx9o7cGQ5ErVHEIl7Fnzx21SBtbFP9u6jTRjkRnvGWw
X-Eon-Dm: m0117124.ppops.net
Received: by m0117124.mta.everyone.net (EON-AUTHRELAY2 - 5a81d899)
 id m0117124.5e67f957.2b6632; Mon, 6 Apr 2020 17:50:08 -0700
X-Eon-Sig: AQMHrIJei85AALelYQIAAAAD,dd3ea85d21b9576023b48afe7a7eb150
X-Eip: GsN9Ty_VPtYUPs6hwcAUdpB0GJ4HztS_uZenrFQuGrc
Date: Tue, 7 Apr 2020 02:49:58 +0200
From: Bengt Richter <bokr@bokr.com>
To: Ludovic Courtès <ludo@gnu.org>
Subject: Re: bug#40405: System log files are world readable
Message-ID: <20200407004958.GA8760@LionPure>
References: <87v9mg1zbt.fsf@GlaDOS.home> <874ktxh99k.fsf@gnu.org>
 <87blo4clpp.fsf@gnu.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <87blo4clpp.fsf@gnu.org>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.676
 definitions=2020-04-06_14:2020-04-06,
 2020-04-06 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0
 priorityscore=1501 malwarescore=0
 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1034
 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=946 adultscore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-2002250000
 definitions=main-2004070005
X-Spam-Score: -0.4 (/)
X-Debbugs-Envelope-To: 40405
Cc: 40405@debbugs.gnu.org, Diego Nicola Barbato <dnbarbato@posteo.de>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Reply-To: Bengt Richter <bokr@bokr.com>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.4 (-)

Hi Ludo,

On +2020-04-07 00:07:14 +0200, Ludovic Courtès wrote:
> Hi,
> 
> Ludovic Courtès <ludo@gnu.org> skribis:
> 
> > In the meantime, the patch below fixes the syslogd problem.  Also
> > attached is a patch for the accounting database, though that one is
> > questionable.
> 
> I pushed the syslog bits along with a test as commit
> d7113bb655ff80a868a9e624c913f9d23e6c63ad.  (I think already
> world-readable files will remain world-readable though?)
>

Could build daemons do some kind of maintenance rebuild to chmod them?
And maybe be scheduled to monitor new files for other mistakes as well?

Meanwhile, could a superuser chmod them without affecting hashes?
(curious as to whether permission bits escape hashing).

> The main remaining issue here is log files created by
> ‘fork+exec-command’.  We’ll have to address that in the Shepherd proper,
> I think.
> 
> Ludo’.
> 
> 
> 

-- 
Regards,
Bengt Richter

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Dec 22 11:52:26 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.