https://bugzilla.balabit.com/show_bug.cgi?id=42

Zbigniew Krzystolik <zbyniu@pld-linux.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |

--- Comment #4 from Zbigniew Krzystolik <zbyniu@pld-linux.org>  2009-05-05 15:14:55 ---
(In reply to comment #2)
> (In reply to comment #0)
> > Let's take a look at syslog-ng-3.0.1/src/affile.c lines 60-83
> >
> > 1. CAP_SYS_ADMIN is needed only for /proc/kmsg, it is added w/o check
> > 2. CAP_DAC_READ_SEARCH should be added only if open fails with errno 13
> > 2a. CAP_DAC_OVERRIDE should be added only if open fails with errno 13 and
> >     with CAP_DAC_READ_SEARCH set
>
> well, I wouldn't want to complicate enabling those capabilities too much.
> Currently those capabilities are only enabled for /proc/kmsg and nothing else.
> (see the check for AFFILE_PRIVILEGED in affile_sd_new)

Ok, agreed, maybe it's better to keep it simple.
But CAP_SYS_ADMIN is enabled always (in src/main.c).

> > 3. fchown needs CAP_CHOWN unconditionally
> > 4. fchmod needs CAP_FOWNER if file owner != euid (root here)
>
> I didn't know those. If these are needed for fchown/fchmod, do I need
> CAP_DAC_OVERRIDE at all? I was enabling DAC_OVERRIDE to be able to change
> owner/mode information, but as it seems that is not needed, right?

Yes, it is needed to write in log file w/o permissions, i.e. owner(bla)
group(ble) perm(0660). And to create dirs if parent has no perm too.

> > 5. all caps should be restored
>
> this was done:
>
> if (privileged) { g_process_cap_restore(saved_caps); }

Ah, it simply should be restored without this condition.

> > summary:
> > - CAP_SYS_ADMIN and CAP_DAC_OVERRIDE are set always even if unnecessary,
> >   and permanently
>
> no, this is not true.

It is. Run getpcaps `pidof syslog-ng`

> this should be fixed by this patch: [...]
Yes, but now have CAP_CHOWN and CAP_FOWNER permanently (run getpcaps).
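
The getpcaps check used in this comment can also be done from /proc/<pid>/status. The script below is an added example, not part of the bug report or of syslog-ng: it decodes the capability masks and separates capabilities that are effective while the process is idle from those that are only permitted. The status excerpt is constructed, and the function names are illustrative.

```python
import sys
from pathlib import Path

# Bit numbers from <linux/capability.h>, limited to the capabilities named in the thread.
CAP_BITS = {
    "CAP_CHOWN": 0,
    "CAP_DAC_OVERRIDE": 1,
    "CAP_DAC_READ_SEARCH": 2,
    "CAP_FOWNER": 3,
    "CAP_SYS_ADMIN": 21,
}

# Constructed /proc/<pid>/status excerpt (not captured from a real syslog-ng process).
SAMPLE_STATUS = (
    "Name:\tsyslog-ng\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t000000000020000f\n"
    "CapEff:\t0000000000000009\n"
    "CapBnd:\tffffffffffffffff\n"
)

def parse_cap_sets(status_text):
    """Return the Cap* lines of a status file as {name: integer bitmask}."""
    sets = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key.startswith("Cap"):
            sets[key] = int(value.strip(), 16)
    return sets

def cap_names(mask):
    """Names of the tracked capabilities whose bit is set in mask."""
    return sorted(name for name, bit in CAP_BITS.items() if mask & (1 << bit))

def audit(status_text):
    """Separate capabilities enabled right now from those that are only permitted."""
    sets = parse_cap_sets(status_text)
    eff, prm = sets["CapEff"], sets["CapPrm"]
    return {
        "effective": cap_names(eff),              # usable without any further call
        "permitted_only": cap_names(prm & ~eff),  # must be raised before use
    }

if __name__ == "__main__":
    # With a PID argument, inspect that process; otherwise use the constructed sample.
    pid = sys.argv[1] if len(sys.argv) > 1 else None
    text = Path(f"/proc/{pid}/status").read_text() if pid else SAMPLE_STATUS
    for kind, caps in audit(text).items():
        print(f"{kind}: {', '.join(caps) or '-'}")
```

A capability listed under "effective" for an idle daemon is held continuously, which is what the comment calls permanent; one listed under "permitted_only" is available but currently dropped.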