[syslog-ng] [Bug 42] New: capabilities, chown, chmod

bugzilla at bugzilla.balabit.com bugzilla at bugzilla.balabit.com
Tue Apr 14 20:09:55 CEST 2009


https://bugzilla.balabit.com/show_bug.cgi?id=42

           Summary: capabilities, chown, chmod
           Product: syslog-ng
           Version: 3.0.x
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: unspecified
         Component: syslog-ng
        AssignedTo: bazsi at balabit.hu
        ReportedBy: zbyniu at pld-linux.org
Type of the Report: bug
   Estimated Hours: 0.0


Let's take a look at syslog-ng-3.0.1/src/affile.c lines 60-83

1. CAP_SYS_ADMIN is needed only for /proc/kmsg, it is added w/o check
2. CAP_DAC_READ_SEARCH should be added only if open fails with errno 13
2a. CAP_DAC_OVERRIDE should be added only if open fails with errno 13 and with CAP_DAC_READ_SEARCH set
3. fchown needs CAP_CHOWN unconditionally
4. fchmod needs CAP_FOWNER if file owner != euid (root here)
5. all caps should be restored

summary:
- CAP_SYS_ADMIN and CAP_DAC_OVERRIDE are set always even if unnecessary, and permanently
- owner, group and perm don't work


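The open path described in points 1, 2, 2a and 5 of the report, as an added example that is not part of the original message and not syslog-ng's code. It assumes a process that runs with an empty effective capability set and the needed capabilities in its permitted set; the function names are hypothetical, and the raw capget/capset syscalls stand in for libcap.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

typedef struct __user_cap_data_struct capdata[_LINUX_CAPABILITY_U32S_3];

/* Read (set=0) or write (set=1) the calling process's capability sets. */
static int caps_io(int set, capdata d) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(set ? SYS_capset : SYS_capget, &h, d);
}

/* Effective bits for capabilities 0..31, or 0 if capget fails. */
unsigned effective_caps(void) {
    capdata d;
    return caps_io(0, d) == 0 ? d[0].effective : 0;
}

/* open() with `cap` raised only for this call, then restored (point 5). */
static int open_with_cap(const char *path, int flags, int cap) {
    capdata saved, raised;
    if (caps_io(0, saved) != 0) return -1;
    raised[0] = saved[0]; raised[1] = saved[1];
    raised[0].effective |= CAP_TO_MASK(cap);
    if (caps_io(1, raised) != 0) { errno = EACCES; return -1; }
    int fd = open(path, flags);
    int e = errno;              /* keep open()'s errno across the restore */
    caps_io(1, saved);
    errno = e;
    return fd;
}

/* Points 1, 2, 2a: CAP_SYS_ADMIN only for /proc/kmsg; DAC capabilities
 * only after EACCES (errno 13). `flags` must not contain O_CREAT. */
int open_least_priv(const char *path, int flags) {
    if (strcmp(path, "/proc/kmsg") == 0)
        return open_with_cap(path, flags, CAP_SYS_ADMIN);
    int fd = open(path, flags);
    if (fd < 0 && errno == EACCES)
        fd = open_with_cap(path, flags, CAP_DAC_READ_SEARCH);
    if (fd < 0 && errno == EACCES)
        fd = open_with_cap(path, flags, CAP_DAC_OVERRIDE);
    return fd;
}
```

The fchown and fchmod cases from points 3 and 4 would wrap those calls the same way, raising CAP_CHOWN or CAP_FOWNER around the single call and restoring afterwards.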