bug#40405: System log files are world readable

["Ludovic Courtès" <ludo@gnu.org>]

[-- Attachment #1: Type: text/plain, Size: 728 bytes --]

Hi,

Diego Nicola Barbato <dnbarbato@posteo.de> skribis:

> On Guix System the log files (in /var/log) generated by syslogd are
> currently (commit 151f3d4) world readable.  They should probably only be
> readable by root (for the same reason that dmesg can only be run by
> root).
>
> It isn't possible to set the umask with fork-exec-constructor, is it?
> Otherwise that might have been a simple solution.

That would be a nice solution to implement in the Shepherd.  If you feel
like giving it a try, that would be great!

In the meantime, the patch below fixes the syslogd problem.  Also
attached is a patch for the accounting database, though that one is
questionable.

Thoughts?

Thanks,
Ludo’.


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: Type: text/x-patch, Size: 2541 bytes --]

diff --git a/gnu/services.scm b/gnu/services.scm
index 7941cd3af0..d631e8dd32 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -528,15 +528,20 @@ ACTIVATION-SCRIPT-TYPE."
                       (use-modules (gnu build activation)
                                    (guix build utils))
 
+                      (define (ensure-file-exists file)
+                        (let ((port (open-file file "a0")))
+                          (chmod port #o640)
+                          (close-port port)))
+
                       ;; Make sure the user accounting database exists.  If it
                       ;; does not exist, 'setutxent' does not create it and
                       ;; thus there is no accounting at all.
-                      (close-port (open-file "/var/run/utmpx" "a0"))
+                      (ensure-file-exists "/var/run/utmpx")
 
                       ;; Same for 'wtmp', which is populated by mingetty et
                       ;; al.
                       (mkdir-p "/var/log")
-                      (close-port (open-file "/var/log/wtmp" "a0"))
+                      (ensure-file-exists "/var/log/wtmp")
 
                       ;; Set up /run/current-system.  Among other things this
                       ;; sets up locales, which the activation snippets
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 8d9a563e2b..e59b6fea80 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1436,10 +1436,17 @@ Service Switch}, for an example."
       (documentation "Run the syslog daemon (syslogd).")
       (provision '(syslogd))
       (requirement '(user-processes))
-      (start #~(make-forkexec-constructor
-                (list #$(syslog-configuration-syslogd config)
-                      "--rcfile" #$(syslog-configuration-config-file config))
-                #:pid-file "/var/run/syslog.pid"))
+      (start #~(let ((fork (make-forkexec-constructor
+                            (list #$(syslog-configuration-syslogd config)
+                                  "--rcfile"
+                                  #$(syslog-configuration-config-file config))
+                            #:pid-file "/var/run/syslog.pid")))
+                 (lambda ()
+                   ;; Set the umask such that file permissions are #o640.
+                   (let ((mask (umask #o137))
+                         (pid  (fork)))
+                     (umask mask)
+                     pid))))
       (stop #~(make-kill-destructor))))))
 
 ;; Snippet adapted from the GNU inetutils manual.