Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Gentoo: Security

Re : Running app-admin/syslog-ng without rootprivileges

  

 
Gentoo security RSS feed   Index | Next | Previous | View Threaded


varagnat at bertin

Nov 16, 2005, 4:54 AM

Post #1 of 4 (582 views)
Permalink
Re : Running app-admin/syslog-ng without rootprivileges
> dedicated non-root account. May be we need to ask syslog-ng authors to
> implement the same scheme as in sysklogd?

Or syslog-ng could have root permissions just for opening /proc/kmsg and then leave its rights when switching to normal user. But by saying that I make some assumptions on how /proc/kmsg works and how it must be used.



Les informations contenues dans ce message électronique peuvent être de nature confidentielle et soumises à une obligation de secret. Elles sont destinées à l'usage exclusif du réel destinataire. Si vous n'êtes pas le réel destinataire ou si vous recevez ce message par erreur, merci de nous le notifier immédiatement en le retournant à l'adresse de son émetteur.

The information contained in this e-mail may be privileged and confidential. It is intended for the exclusive use of the designated recipients named above. If you are not the intended recipient or if you receive this e-mail in error, please notify us immediatly and return the original message at the address of the sender.


--
gentoo-security [at] gentoo mailing list


bplant at westnet

Nov 16, 2005, 5:13 AM

Post #2 of 4 (546 views)
Permalink
Re: Re : Running app-admin/syslog-ng without rootprivileges [In reply to]
On Wed, 2005-11-16 at 12:54 +0100, varagnat [at] bertin wrote:
> > dedicated non-root account. May be we need to ask syslog-ng authors to
> > implement the same scheme as in sysklogd?
>
> Or syslog-ng could have root permissions just for opening /proc/kmsg and then leave its rights when switching to normal user. But by saying that I make some assumptions on how /proc/kmsg works and how it must be used.

I ran syslog-ng as a non-root user once before, but now I run it as
root. From what I can remember, syslog-ng opened /proc/kmsg before
dropping privileges, however when you sent the HUP signal (i.e. after
running logrotate) it closed all the files and reopened them again.
Because it no longer had root permissions, it couldn't
reopen /proc/kmsg.

If /proc/kmsg was group readable and the group was set to a special
logger group, then I don't see why syslog-ng couldn't be run as a
non-root user.

Cheers,

Brad

--
gentoo-security [at] gentoo mailing list


Jerome.Poggi at hsc

Nov 17, 2005, 6:50 AM

Post #3 of 4 (545 views)
Permalink
Re: Running app-admin/syslog-ng without rootprivileges [In reply to]
On Wed, 16 Nov 2005, Brad Plant wrote:
> I ran syslog-ng as a non-root user once before, but now I run it as
> root. From what I can remember, syslog-ng opened /proc/kmsg before
> dropping privileges, however when you sent the HUP signal (i.e. after
> running logrotate) it closed all the files and reopened them again.
> Because it no longer had root permissions, it couldn't
> reopen /proc/kmsg.

Why did you rotate yourself your log ?
You better use MACRO like :

destination full {
file("/var/log/full/full_$YEAR.$MONTH.$DAY.log" log_fifo_size(1000) dir_perm(0755) create_dirs(yes));
file("/dev/tty12");
};
destination full_net {
file("/var/log/net/net_$HOST.$YEAR/$MONTH.$DAY.log" dir_perm(0755) create_dirs(yes));
};

Its better usable :-)

--
Jerome POGGI Jerome.Poggi [at] hsc
Herve Schauer Consultants -=- Consultant Sécurité Informatique, CISSP
http://www.hsc.fr/ Tèl : +33 141 409 700

--
gentoo-security [at] gentoo mailing list


miguel.filipe at gmail

Oct 9, 2006, 6:02 AM

Post #4 of 4 (548 views)
Permalink
Re: Re : Running app-admin/syslog-ng without rootprivileges [In reply to]
On 11/16/05, Brad Plant <bplant [at] westnet> wrote:
> On Wed, 2005-11-16 at 12:54 +0100, varagnat [at] bertin wrote:
> > > dedicated non-root account. May be we need to ask syslog-ng authors to
> > > implement the same scheme as in sysklogd?
> >
> > Or syslog-ng could have root permissions just for opening /proc/kmsg and then leave its rights when switching to normal user. But by saying that I make some assumptions on how /proc/kmsg works and how it must be used.
>
> I ran syslog-ng as a non-root user once before, but now I run it as
> root. From what I can remember, syslog-ng opened /proc/kmsg before
> dropping privileges, however when you sent the HUP signal (i.e. after
> running logrotate) it closed all the files and reopened them again.
> Because it no longer had root permissions, it couldn't
> reopen /proc/kmsg.

the workaround is to "lseek(0)" instead of closing and open
/proc/kmsg, but doing a lseek in a virtual file li /proc/kmsg is weird
and I don't know it's implications..
Other way, is to simply skip the reopen of /proc/kmsg.

>
> If /proc/kmsg was group readable and the group was set to a special
> logger group, then I don't see why syslog-ng couldn't be run as a
> non-root user.

that means patching the kernel...
I guess it's better to patch on userland, and leave the kernel to
kernel hackers...
Also, it's cleaner to make the app secure within itselft, instead of
relying on the OS to change the permission and group of /proc/kmsg..

>
> Cheers,
>
> Brad
>
> --
> gentoo-security [at] gentoo mailing list
>
>

Best regards,

--
Miguel Sousa Filipe
--
gentoo-security [at] gentoo mailing list

Gentoo security RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.