From mboxrd@z Thu Jan  1 00:00:00 1970
From: Diego Nicola Barbato <dnbarbato@posteo.de>
Subject: bug#40405: System log files are world readable
Date: Fri, 03 Apr 2020 15:19:34 +0200
Message-ID: <87v9mg1zbt.fsf@GlaDOS.home>
Mime-Version: 1.0
Content-Type: text/plain
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane-mx.org@gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:60720)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1jKMEu-000072-Hk
 for bug-guix@gnu.org; Fri, 03 Apr 2020 09:20:05 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1jKMEt-00012F-Jf
 for bug-guix@gnu.org; Fri, 03 Apr 2020 09:20:04 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:58075)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1jKMEs-000118-IK
 for bug-guix@gnu.org; Fri, 03 Apr 2020 09:20:03 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1jKMEs-00087n-9A
 for bug-guix@gnu.org; Fri, 03 Apr 2020 09:20:02 -0400
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.40405.B.158591998431164@debbugs.gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:60690)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <dnbarbato@posteo.de>) id 1jKMEW-00005L-QJ
 for bug-guix@gnu.org; Fri, 03 Apr 2020 09:19:41 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <dnbarbato@posteo.de>) id 1jKMEV-0000gI-Qe
 for bug-guix@gnu.org; Fri, 03 Apr 2020 09:19:40 -0400
Received: from mout02.posteo.de ([185.67.36.66]:42605)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <dnbarbato@posteo.de>) id 1jKMEV-0000dr-BN
 for bug-guix@gnu.org; Fri, 03 Apr 2020 09:19:39 -0400
Received: from submission (posteo.de [89.146.220.130])
 by mout02.posteo.de (Postfix) with ESMTPS id AF2E02400FC
 for <bug-guix@gnu.org>; Fri,  3 Apr 2020 15:19:36 +0200 (CEST)
Received: from customer (localhost [127.0.0.1])
 by submission (posteo.de) with ESMTPSA id 48v0s4193Lz9rxl
 for <bug-guix@gnu.org>; Fri,  3 Apr 2020 15:19:35 +0200 (CEST)
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane-mx.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane-mx.org@gnu.org>
To: 40405@debbugs.gnu.org

Hey Guix,

On Guix System the log files (in /var/log) generated by syslogd are
currently (commit 151f3d4) world readable.  They should probably only be
readable by root (for the same reason that dmesg can only be run by
root).

It isn't possible to set the umask with fork-exec-constructor, is it?
Otherwise that might have been a simple solution.

Regards,

Diego