From mboxrd@z Thu Jan 1 00:00:00 1970 From: Diego Nicola Barbato Subject: bug#40405: System log files are world readable Date: Fri, 03 Apr 2020 15:34:17 +0200 Message-ID: <87r1x41yna.fsf@GlaDOS.home> References: <87v9mg1zbt.fsf@GlaDOS.home> Mime-Version: 1.0 Content-Type: text/plain Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:34164) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jKMTP-0004jf-GO for bug-guix@gnu.org; Fri, 03 Apr 2020 09:35:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1jKMTO-0007zL-Hw for bug-guix@gnu.org; Fri, 03 Apr 2020 09:35:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:58103) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1jKMTO-0007y5-4w for bug-guix@gnu.org; Fri, 03 Apr 2020 09:35:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1jKMTN-0000VD-Vf for bug-guix@gnu.org; Fri, 03 Apr 2020 09:35:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <87v9mg1zbt.fsf@GlaDOS.home> (Diego Nicola Barbato's message of "Fri, 03 Apr 2020 15:19:34 +0200") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane-mx.org@gnu.org Sender: "bug-Guix" To: 40405@debbugs.gnu.org Diego Nicola Barbato writes: > Hey Guix, > > On Guix System the log files (in /var/log) generated by syslogd are > currently (commit 151f3d4) world readable. They should probably only be > readable by root (for the same reason that dmesg can only be run by > root). > > It isn't possible to set the umask with fork-exec-constructor, is it? ^^^^^^^^^^^^^^^^^^^^^ That should be 'make-forkexec-constructor'. Sorry for the noise. > Otherwise that might have been a simple solution. > > Regards, > > Diego