[syslog-ng] Bug report: syslog-ng requests too many capabilities
dominik.russenberger at terreactive.ch
Tue Apr 17 12:30:58 UTC 2018
I recently noticed something very strange: although I run syslog-ng as
an unprivileged user (with -u log -g log), newly created logfiles were
owned by root. syslog-ng shows up running as user log in ps, as expected.
The culprit turned out to be Linux capabilities. No problem, I thought,
I just add a "--caps 'CAP_NET_BIND_SERVICE=epi'" command line parameter
(binding ports <1024 is the only capability I need). But then I was
getting flooded by messages like this:

    syslog-ng: Error managing capability set, cap_set_proc returned an error; caps='= cap_net_bind_service+eip cap_fowner+e', error='Operation not permitted (1)'

In my opinion, there are 2 bugs in syslog-ng:
* if I tell a daemon to run as an unprivileged user I do not expect it to
  write files as user root. What syslog-ng is doing basically is faking
  being an unprivileged user, while retaining capabilities which are
  equivalent to full root permissions.
  Syslog-ng should imho either run as root, with capabilities;
  OR as an unprivileged user without capabilities (except those
  explicitly given in --caps)
* syslog-ng drops to the capabilities it gets told in --caps,
  but later g_process_cap_modify() ignores what was specified.
Some notes about my environment:
- the OS is an Ubuntu remix. I'm recompiling syslog-ng 3.11.1 from Ubuntu
Artful, with some changed configure flags (see below)
- there are multiple syslog-ng instances running. One for the system
itself (as root), and multiple other syslogs receiving incoming logs
over udp/tcp (running as user log)
My syslog-ng version:
syslog-ng 3 (3.11.1)
Compile-Date: Apr 10 2017 14:06:00
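
A check for the condition this report describes, as an added example that is not part of the original message or of syslog-ng: it decodes the capability masks in /proc/<pid>/status and flags a non-root process that holds capabilities outside an allowed set. The sample status text, the UID 104 and the allowed set are constructed for illustration.

```python
import sys

# Capability names indexed by bit number (linux/capability.h).
CAP_NAMES = (
    "chown dac_override dac_read_search fowner fsetid kill setgid setuid "
    "setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw "
    "ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct "
    "sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod "
    "lease audit_write audit_control setfcap mac_override mac_admin syslog "
    "wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore"
).split()

# Constructed sample, not captured from a real syslog-ng process.
SAMPLE_STATUS = (
    "Name:\tsyslog-ng\n"
    "Uid:\t104\t104\t104\t104\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t000000000000040b\n"
    "CapEff:\t0000000000000408\n"
    "CapBnd:\t0000003fffffffff\n"
)

def decode(mask):
    """Return the set of capability names whose bits are set in mask."""
    return {
        "cap_" + (CAP_NAMES[bit] if bit < len(CAP_NAMES) else str(bit))
        for bit in range(64) if mask >> bit & 1
    }

def audit(status_text, allowed):
    """Report capabilities outside `allowed` in each non-bounding set."""
    fields = dict(l.split(":", 1) for l in status_text.splitlines() if ":" in l)
    euid = int(fields["Uid"].split()[1])  # order: real, effective, saved, fs
    excess = {}
    for key in ("CapInh", "CapPrm", "CapEff", "CapAmb"):
        if key in fields:
            extra = decode(int(fields[key].strip(), 16)) - set(allowed)
            if extra:
                excess[key] = sorted(extra)
    # A non-root UID holding extra capabilities is the case from the report.
    return {"euid": euid, "excess": excess, "flagged": euid != 0 and bool(excess)}

if __name__ == "__main__":
    # Usage: script.py [pid]; without a pid the constructed sample is audited.
    text = open(f"/proc/{sys.argv[1]}/status").read() if len(sys.argv) > 1 else SAMPLE_STATUS
    print(audit(text, {"cap_net_bind_service"}))
```

The bounding set (CapBnd) is skipped on purpose: it only limits what can be gained later and is normally full even for unprivileged processes.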