[syslog-ng] Why syslog-ng'config permission change ?
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Wed Dec 26 08:31:07 CET 2007
On Mon, 24 Dec 2007 22:45:08 PST, Evan Rempel said:
> Do you have security enhanced linux enables (SELinux).
> That will reset permission on a reboot.
No, SELinux will *not* do that. It does *not* reset permissions, ever.
What it *will* do is fail an access if the security attributes aren't
set correctly. So you'll try to open a file and get -EPERM.
Please note that setting the syslog-ng.conf file to mode 666 basically
gives all users an instant rootshell. Consider the following:
1) User puts "destination (file "/etc/passwd");" in the file.
2) User then uses 'logger "\nmyroot::0:0:::::/bin/bash", or similar.
User now has a myroot userid with no password. Have a nice day. ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20071226/501558a1/attachment.pgp
More information about the syslog-ng
mailing list