Gentoo Archives: gentoo-security

From: Miguel Figueiredo Mascarenhas Sousa Filipe <miguel.filipe@×××××.com>
To: gentoo-security@l.g.o
Subject: Re: Re : [gentoo-security] Running app-admin/syslog-ng withoutrootprivileges
Date: Wed, 11 Oct 2006 03:37:56
Message-Id: f058a9c30610102028k7d571e32o45c1e0d4d9117ef9@mail.gmail.com
In Reply to: Re : [gentoo-security] Running app-admin/syslog-ng withoutrootprivileges by varagnat@bertin.fr
Hi,

please check:

http://bugs.gentoo.org/show_bug.cgi?id=150844

On 11/17/05, varagnat@××××××.fr <varagnat@××××××.fr> wrote:
>
> > I ran syslog-ng as a non-root user once before, but now I run it as
> > root. From what I can remember, syslog-ng opened /proc/kmsg before
> > dropping privileges, however when you sent the HUP signal (i.e. after
> > running logrotate) it closed all the files and reopened them again.
> > Because it no longer had root permissions, it couldn't
> > reopen /proc/kmsg.
>
> This looks like a design problem.
>
> > If /proc/kmsg was group readable and the group was set to a special
> > logger group, then I don't see why syslog-ng couldn't be run as a
> > non-root user.
>
> Yes.
> Searching for more info I saw that syslog-ng is able to chroot itself.
> But the problem is the same when you want it to re-read its configuration file by sending the SIGHUP signal...
>
> --
> gentoo-security@g.o mailing list

--
Miguel Sousa Filipe

--
gentoo-security@g.o mailing list
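
The failure mode discussed in this thread, as an added example that is not part of the original messages and is not syslog-ng code: a source opened before the privilege drop stays readable through its descriptor, while reopening it by path (as a reload on SIGHUP would) fails. Assumptions: a constructed temp file stands in for /proc/kmsg, `simulate_hup` is a hypothetical name, and 65534 is an assumed unprivileged uid/gid used only when the program starts as root.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

struct reload_result {
    int reopen_errno;  /* errno from reopening by path, 0 if it worked */
    long kept_bytes;   /* bytes read via the descriptor kept across the reload */
};

/* Constructed stand-in for /proc/kmsg: a temp file opened while still
 * "privileged", then made inaccessible to simulate the privilege drop. */
struct reload_result simulate_hup(void)
{
    static const char msg[] = "kernel: constructed line\n";
    struct reload_result r = { 0, -1 };
    char path[] = "/tmp/kmsg-standin-XXXXXX";
    char buf[64];

    int fd = mkstemp(path);                 /* privileged phase: open the source */
    if (fd < 0 || write(fd, msg, sizeof msg - 1) < 0) { r.reopen_errno = errno; return r; }
    lseek(fd, 0, SEEK_SET);

    /* Privilege drop: revoke the mode bits; if started as root, also switch
     * to an unprivileged uid/gid (65534 is an assumed "nobody" id). */
    fchmod(fd, 0);
    if (geteuid() == 0 && (setgid(65534) != 0 || setuid(65534) != 0))
        perror("drop privileges");

    /* Reload behaviour described in the thread: reopen the source by path. */
    int again = open(path, O_RDONLY);
    if (again < 0) r.reopen_errno = errno; else close(again);

    /* Alternative: keep the already-open descriptor across the reload. */
    r.kept_bytes = (long)read(fd, buf, sizeof buf);

    close(fd);
    unlink(path);   /* best effort; fails after a real uid change */
    return r;
}

int main(void)
{
    struct reload_result r = simulate_hup();
    printf("reopen errno=%d, kept descriptor read %ld bytes\n", r.reopen_errno, r.kept_bytes);
    return 0;
}
```

Permission checks happen at open time, so the retained descriptor keeps working; a reload handler that closes and reopens such a source needs either retained privileges or a file readable by the daemon's group, as suggested in the quoted message.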