| 1 |
On 11/16/05, Brad Plant <bplant@×××××××××××.au> wrote: |
| 2 |
> On Wed, 2005-11-16 at 12:54 +0100, varagnat@××××××.fr wrote: |
| 3 |
> > > dedicated non-root account. May be we need to ask syslog-ng authors to |
| 4 |
> > > implement the same scheme as in sysklogd? |
| 5 |
> > |
| 6 |
> > Or syslog-ng could have root permissions just for opening /proc/kmsg and then leave its rights when switching to normal user. But by saying that I make some assumptions on how /proc/kmsg works and how it must be used. |
| 7 |
> |
| 8 |
> I ran syslog-ng as a non-root user once before, but now I run it as |
| 9 |
> root. From what I can remember, syslog-ng opened /proc/kmsg before |
| 10 |
> dropping privileges, however when you sent the HUP signal (i.e. after |
| 11 |
> running logrotate) it closed all the files and reopened them again. |
| 12 |
> Because it no longer had root permissions, it couldn't |
| 13 |
> reopen /proc/kmsg. |
| 14 |
|
| 15 |
the workaround is to "lseek(0)" instead of closing and open |
| 16 |
/proc/kmsg, but doing a lseek in a virtual file li /proc/kmsg is weird |
| 17 |
and I don't know it's implications.. |
| 18 |
Other way, is to simply skip the reopen of /proc/kmsg. |
| 19 |
|
| 20 |
> |
| 21 |
> If /proc/kmsg was group readable and the group was set to a special |
| 22 |
> logger group, then I don't see why syslog-ng couldn't be run as a |
| 23 |
> non-root user. |
| 24 |
|
| 25 |
that means patching the kernel... |
| 26 |
I guess it's better to patch on userland, and leave the kernel to |
| 27 |
kernel hackers... |
| 28 |
Also, it's cleaner to make the app secure within itselft, instead of |
| 29 |
relying on the OS to change the permission and group of /proc/kmsg.. |
| 30 |
|
| 31 |
> |
| 32 |
> Cheers, |
| 33 |
> |
| 34 |
> Brad |
| 35 |
> |
| 36 |
> -- |
| 37 |
> gentoo-security@g.o mailing list |
| 38 |
> |
| 39 |
> |
| 40 |
|
| 41 |
Best regards, |
| 42 |
|
| 43 |
-- |
| 44 |
Miguel Sousa Filipe |
| 45 |
-- |
| 46 |
gentoo-security@g.o mailing list |
Archives