Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: varagnat@...
Subject: Re : Running app-admin/syslog-ng withoutrootprivileges
Date: Thu, 17 Nov 2005 14:52:37 +0100
> I ran syslog-ng as a non-root user once before, but now I run it as
> root. From what I can remember, syslog-ng opened /proc/kmsg before
> dropping privileges, however when you sent the HUP signal (i.e. after
> running logrotate) it closed all the files and reopened them again.
> Because it no longer had root permissions, it couldn't
> reopen /proc/kmsg.

This looks like a design problem.

> If /proc/kmsg was group readable and the group was set to a special
> logger group, then I don't see why syslog-ng couldn't be run as a
> non-root user.

Yes.
Searching for more info I saw that syslog-ng is able to chroot it self.
But the problem is the same when you want him to re-read its configuration file by sending the SIGHUP signal...




Les informations contenues dans ce message électronique peuvent être de nature confidentielle et soumises à une obligation de secret. Elles sont destinées à l'usage exclusif du réel destinataire. Si vous n'êtes pas le réel destinataire ou si vous recevez ce message par erreur, merci de nous le notifier immédiatement en le retournant à l'adresse de son émetteur.

The information contained in this e-mail may be privileged and confidential. It is intended for the exclusive use of the designated recipients named above. If you are not the intended recipient or if you receive this e-mail in error, please notify us immediatly and return the original message at the address of the sender.


-- 
gentoo-security@g.o mailing list


Replies:
Re: Re : Running app-admin/syslog-ng withoutrootprivileges
-- Miguel Figueiredo Mascarenhas Sousa Filipe
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re : Running app-admin/syslog-ng without rootprivileges
Next by thread:
Re: Re : Running app-admin/syslog-ng withoutrootprivileges
Previous by date:
Re: Running app-admin/syslog-ng without rootprivileges
Next by date:
Why we need TPM in Linux kernel?


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.