On 11/16/05, Brad Plant <bplant@×××××××××××.au> wrote:
> On Wed, 2005-11-16 at 12:54 +0100, varagnat@××××××.fr wrote:
> > > dedicated non-root account. Maybe we need to ask syslog-ng authors to
> > > implement the same scheme as in sysklogd?
> >
> > Or syslog-ng could have root permissions just for opening /proc/kmsg and then leave its rights when switching to normal user. But by saying that I make some assumptions on how /proc/kmsg works and how it must be used.
>
> I ran syslog-ng as a non-root user once before, but now I run it as
> root. From what I can remember, syslog-ng opened /proc/kmsg before
> dropping privileges, however when you sent the HUP signal (i.e. after
> running logrotate) it closed all the files and reopened them again.
> Because it no longer had root permissions, it couldn't
> reopen /proc/kmsg.
|
The workaround is to "lseek(0)" instead of closing and opening
/proc/kmsg, but doing an lseek in a virtual file like /proc/kmsg is weird
and I don't know its implications.
Another way is to simply skip the reopen of /proc/kmsg.
|
>
> If /proc/kmsg was group readable and the group was set to a special
> logger group, then I don't see why syslog-ng couldn't be run as a
> non-root user.
|
That means patching the kernel...
I guess it's better to patch in userland, and leave the kernel to
kernel hackers...
Also, it's cleaner to make the app secure within itself, instead of
relying on the OS to change the permission and group of /proc/kmsg.
|
>
> Cheers,
>
> Brad
|
Best regards,

--
Miguel Sousa Filipe
--
gentoo-security@g.o mailing list |
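
The HUP reload failure Brad describes and the "skip the reopen" option from the reply, sketched in C as an added example that is not part of the original thread and is not syslog-ng's code. The struct, the function names and the unlinked temp file standing in for a /proc/kmsg that can no longer be opened are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
/* Hypothetical names; not syslog-ng's own structures. */
struct log_source {
    char path[64];
    int fd;          /* -1 when closed */
    int privileged;  /* opened while still root, e.g. /proc/kmsg */
};

/* SIGHUP reload. keep_privileged == 0 closes and reopens every source;
 * 1 skips the reopen for sources opened before the privilege drop.
 * Returns how many sources are unusable afterwards. */
int reload_sources(struct log_source *s, int n, int keep_privileged)
{
    int lost = 0;
    for (int i = 0; i < n; i++) {
        if (s[i].privileged && keep_privileged && s[i].fd >= 0)
            continue;  /* keep the descriptor that was opened as root */
        if (s[i].fd >= 0) close(s[i].fd);
        s[i].fd = open(s[i].path, O_RDONLY);
        if (s[i].fd < 0) lost++;
    }
    return lost;
}

/* Constructed demo: the "privileged" temp file is unlinked after it is
 * opened, so reopening by path fails like /proc/kmsg does without root. */
int demo(int keep_privileged)
{
    struct log_source s[2] = { { "/tmp/kmsg-demo-XXXXXX", -1, 1 },
                               { "/tmp/file-demo-XXXXXX", -1, 0 } };
    for (int i = 0; i < 2; i++) {
        s[i].fd = mkstemp(s[i].path);  /* create and open in one step */
        if (s[i].fd < 0) return -1;
    }
    unlink(s[0].path);  /* from here on, open() on this path fails */
    int lost = reload_sources(s, 2, keep_privileged);
    for (int i = 0; i < 2; i++)
        if (s[i].fd >= 0) close(s[i].fd);
    unlink(s[1].path);
    return lost;
}
int main(void)
{
    printf("reopen all: %d lost; keep privileged: %d lost\n", demo(0), demo(1));
    return 0;
}
```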