From: "Ludovic Courtès" <ludo@gnu.org>
To: Diego Nicola Barbato <dnbarbato@posteo.de>
Cc: 40405@debbugs.gnu.org
Subject: bug#40405: System log files are world readable
Date: Wed, 08 Apr 2020 21:49:08 +0200 [thread overview]
Message-ID: <877dyp69mz.fsf@gnu.org> (raw)
In-Reply-To: <87pnciximi.fsf@GlaDOS.home> (Diego Nicola Barbato's message of "Wed, 08 Apr 2020 14:32:53 +0200")
Diego Nicola Barbato <dnbarbato@posteo.de> skribis:
> Ludovic Courtès <ludo@gnu.org> writes:
>
>> Hi,
>>
>> Diego Nicola Barbato <dnbarbato@posteo.de> skribis:
>>
>>> On Guix System the log files (in /var/log) generated by syslogd are
>>> currently (commit 151f3d4) world readable. They should probably only be
>>> readable by root (for the same reason that dmesg can only be run by
>>> root).
>>>
>>> It isn't possible to set the umask with fork-exec-constructor, is it?
>>> Otherwise that might have been a simple solution.
>>
>> That would be a nice solution to implement in the Shepherd. If you feel
>> like giving it a try, that would be great!
>
> I've attached two patches for the Shepherd. The first one makes sure
> that 'exec-command' creates log files with mode #o640 (I thought about
> making it a parameter instead of hard coding it, but I doubt it would be
> very useful). The second one makes it possible to set the umask with
> 'exec-command', 'fork+exec-command', and 'make-forkexec-constructor'. I
> wasn't quite sure how to avoid a collision with the procedure umask
> (would `((@ (guile) umask) umask)' have been ok?) so I named the
> parameter file-creation-mask.
Sounds good to me.
> I haven't tested the changes. What would be a straight forward way to
> do that on Guix? Looking at the documentation it doesn't seem possible
> to swap out the shepherd package of the %shepherd-root-service with
> 'modify-services'.
Both patches LGTM, but you could add a couple of tests in the Shepherd
itself before testing it on Guix.
The tests/*.sh are simple shell scripts. You could perhaps create a new
one there, run shepherd with a toy service that uses #:log-file and
creates files, and then ensure that the log file is #o640 and that
#:file-creation-mask is honored.
Does that make sense?
Then, to test it on Guix, you can run “make dist” in the Shepherd and
change the ‘shepherd’ package so that its ‘source’ points to that
tarball. You run ‘guix system vm gnu/system/examples/bare-bones.tmpl’,
boot that, and ensure everything’s OK.
Thanks!
Ludo’.
next prev parent reply other threads:[~2020-04-08 19:50 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-03 13:19 bug#40405: System log files are world readable Diego Nicola Barbato
2020-04-03 13:34 ` Diego Nicola Barbato
2020-04-05 22:12 ` Ludovic Courtès
2020-04-06 22:07 ` Ludovic Courtès
2020-04-07 0:49 ` Bengt Richter
2020-04-07 7:30 ` Ludovic Courtès
2020-04-08 12:32 ` Diego Nicola Barbato
2020-04-08 19:49 ` Ludovic Courtès [this message]
2020-04-19 14:28 ` Ludovic Courtès
2020-04-22 20:04 ` Ludovic Courtès
2020-04-28 13:11 ` Diego Nicola Barbato
2020-04-28 20:57 ` Ludovic Courtès
2020-04-29 10:02 ` Diego Nicola Barbato
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=877dyp69mz.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=40405@debbugs.gnu.org \
--cc=dnbarbato@posteo.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).