From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Subject: bug#40405: System log files are world readable Date: Mon, 06 Apr 2020 00:12:39 +0200 Message-ID: <874ktxh99k.fsf@gnu.org> References: <87v9mg1zbt.fsf@GlaDOS.home> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:59629) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jLDVn-0008JD-Ok for bug-guix@gnu.org; Sun, 05 Apr 2020 18:13:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1jLDVm-00050u-Mg for bug-guix@gnu.org; Sun, 05 Apr 2020 18:13:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:35265) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1jLDVm-00050c-Js for bug-guix@gnu.org; Sun, 05 Apr 2020 18:13:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1jLDVm-0006dY-GG for bug-guix@gnu.org; Sun, 05 Apr 2020 18:13:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <87v9mg1zbt.fsf@GlaDOS.home> (Diego Nicola Barbato's message of "Fri, 03 Apr 2020 15:19:34 +0200") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane-mx.org@gnu.org Sender: "bug-Guix" To: Diego Nicola Barbato Cc: 40405@debbugs.gnu.org --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi, Diego Nicola Barbato skribis: > On Guix System the log files (in /var/log) generated by syslogd are > currently (commit 151f3d4) world readable. They should probably only be > readable by root (for the same reason that dmesg can only be run by > root). > > It isn't possible to set the umask with fork-exec-constructor, is it? > Otherwise that might have been a simple solution. That would be a nice solution to implement in the Shepherd. If you feel like giving it a try, that would be great! In the meantime, the patch below fixes the syslogd problem. Also attached is a patch for the accounting database, though that one is questionable. Thoughts? Thanks, Ludo=E2=80=99. --=-=-= Content-Type: text/x-patch Content-Disposition: inline diff --git a/gnu/services.scm b/gnu/services.scm index 7941cd3af0..d631e8dd32 100644 --- a/gnu/services.scm +++ b/gnu/services.scm @@ -528,15 +528,20 @@ ACTIVATION-SCRIPT-TYPE." (use-modules (gnu build activation) (guix build utils)) + (define (ensure-file-exists file) + (let ((port (open-file file "a0"))) + (chmod port #o640) + (close-port port))) + ;; Make sure the user accounting database exists. If it ;; does not exist, 'setutxent' does not create it and ;; thus there is no accounting at all. - (close-port (open-file "/var/run/utmpx" "a0")) + (ensure-file-exists "/var/run/utmpx") ;; Same for 'wtmp', which is populated by mingetty et ;; al. (mkdir-p "/var/log") - (close-port (open-file "/var/log/wtmp" "a0")) + (ensure-file-exists "/var/log/wtmp") ;; Set up /run/current-system. Among other things this ;; sets up locales, which the activation snippets diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 8d9a563e2b..e59b6fea80 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1436,10 +1436,17 @@ Service Switch}, for an example." (documentation "Run the syslog daemon (syslogd).") (provision '(syslogd)) (requirement '(user-processes)) - (start #~(make-forkexec-constructor - (list #$(syslog-configuration-syslogd config) - "--rcfile" #$(syslog-configuration-config-file config)) - #:pid-file "/var/run/syslog.pid")) + (start #~(let ((fork (make-forkexec-constructor + (list #$(syslog-configuration-syslogd config) + "--rcfile" + #$(syslog-configuration-config-file config)) + #:pid-file "/var/run/syslog.pid"))) + (lambda () + ;; Set the umask such that file permissions are #o640. + (let ((mask (umask #o137)) + (pid (fork))) + (umask mask) + pid)))) (stop #~(make-kill-destructor)))))) ;; Snippet adapted from the GNU inetutils manual. --=-=-=--