[syslog-ng] [Bug 42] New: capabilities, chown, chmod
bugzilla at bugzilla.balabit.com
bugzilla at bugzilla.balabit.com
Tue Apr 14 20:09:55 CEST 2009
https://bugzilla.balabit.com/show_bug.cgi?id=42
Summary: capabilities, chown, chmod
Product: syslog-ng
Version: 3.0.x
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: unspecified
Component: syslog-ng
AssignedTo: bazsi at balabit.hu
ReportedBy: zbyniu at pld-linux.org
Type of the Report: bug
Estimated Hours: 0.0
Let's take a look at syslog-ng-3.0.1/src/affile.c lines 60-83
1. CAP_SYS_ADMIN is needed only for /proc/kmsg, it is added w/o check
2. CAP_DAC_READ_SEARCH should be added only if open fail with errno 13
2a. CAP_DAC_OVERRIDE should be added only if open fail with errno 13 and with CAP_DAC_READ_SEARCH set
3. fchown needs CAP_CHOWN unconditionaly
4. fchmod needs CAP_FOWNER if file owner != euid (root here)
5. all caps should be restored
summary:
- CAP_SYS_ADMIN and CAP_DAC_OVERRIDE are set always even if unnecessary, and permanently
- owner, group and perm doesn't work
--
Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the syslog-ng
mailing list