From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Subject: bug#40405: System log files are world readable Date: Wed, 08 Apr 2020 21:49:08 +0200 Message-ID: <877dyp69mz.fsf@gnu.org> References: <87v9mg1zbt.fsf@GlaDOS.home> <874ktxh99k.fsf@gnu.org> <87pnciximi.fsf@GlaDOS.home> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:37377) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jMGi3-0003ix-M3 for bug-guix@gnu.org; Wed, 08 Apr 2020 15:50:05 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1jMGi2-0003nB-J1 for bug-guix@gnu.org; Wed, 08 Apr 2020 15:50:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:41382) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1jMGi2-0003n6-Fa for bug-guix@gnu.org; Wed, 08 Apr 2020 15:50:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1jMGi2-0007eZ-DP for bug-guix@gnu.org; Wed, 08 Apr 2020 15:50:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <87pnciximi.fsf@GlaDOS.home> (Diego Nicola Barbato's message of "Wed, 08 Apr 2020 14:32:53 +0200") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane-mx.org@gnu.org Sender: "bug-Guix" To: Diego Nicola Barbato Cc: 40405@debbugs.gnu.org Diego Nicola Barbato skribis: > Ludovic Court=C3=A8s writes: > >> Hi, >> >> Diego Nicola Barbato skribis: >> >>> On Guix System the log files (in /var/log) generated by syslogd are >>> currently (commit 151f3d4) world readable. They should probably only be >>> readable by root (for the same reason that dmesg can only be run by >>> root). >>> >>> It isn't possible to set the umask with fork-exec-constructor, is it? >>> Otherwise that might have been a simple solution. >> >> That would be a nice solution to implement in the Shepherd. If you feel >> like giving it a try, that would be great! > > I've attached two patches for the Shepherd. The first one makes sure > that 'exec-command' creates log files with mode #o640 (I thought about > making it a parameter instead of hard coding it, but I doubt it would be > very useful). The second one makes it possible to set the umask with > 'exec-command', 'fork+exec-command', and 'make-forkexec-constructor'. I > wasn't quite sure how to avoid a collision with the procedure umask > (would `((@ (guile) umask) umask)' have been ok?) so I named the > parameter file-creation-mask. Sounds good to me. > I haven't tested the changes. What would be a straight forward way to > do that on Guix? Looking at the documentation it doesn't seem possible > to swap out the shepherd package of the %shepherd-root-service with > 'modify-services'.=20 Both patches LGTM, but you could add a couple of tests in the Shepherd itself before testing it on Guix. The tests/*.sh are simple shell scripts. You could perhaps create a new one there, run shepherd with a toy service that uses #:log-file and creates files, and then ensure that the log file is #o640 and that #:file-creation-mask is honored. Does that make sense? Then, to test it on Guix, you can run =E2=80=9Cmake dist=E2=80=9D in the Sh= epherd and change the =E2=80=98shepherd=E2=80=99 package so that its =E2=80=98source= =E2=80=99 points to that tarball. You run =E2=80=98guix system vm gnu/system/examples/bare-bones.tm= pl=E2=80=99, boot that, and ensure everything=E2=80=99s OK. Thanks! Ludo=E2=80=99.