[syslog-ng]Syslog-NG security user permissions.

Balazs Scheidler bazsi@balabit.hu
Thu, 27 Jun 2002 17:37:26 +0200


On Thu, Jun 27, 2002 at 09:00:14AM -0400, Russo, Ben wrote:
> With the recent brewhaha about SSH I can't help but wonder about other
> daemons running on my boxes that don't have privelage separation.
> 
> Is it possible to give Syslog-ng a command line option (like named or ntpd)?
> So that after Syslog-ng binds to the network socket (with root privs) then
> it sets it's UID to something other than root?
> 
> I realize that many of the options in syslog-ng might be more complex if
> this were done.  I can think of many permissions and output file name and
> directory macros whose code would have to be modified if syslog-ng were to
> properly run as a regular user instead of ROOT and be able to properly
> handle error messages and such for permissions and directories and
> everything.
> 
> However, it is inevitable with the facts that Syslog-NG is a network Daemon,
> that receives input and has macros based on that input to write to files,
> that a remote vulnerability in Syslog-NG will become known....  If Syslog-NG
> is running as a non-root UID then this is not a problem, (other than a big
> nuisance).

See the -u, -g and -C options (user, group, chroot respectively). You might
not be able to reload your config though. (only restart would be possible)

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1