[syslog-ng] Bug report: syslog-ng requests too many capabilities

Russenberger Dominik dominik.russenberger at terreactive.ch
Tue Apr 17 12:30:58 UTC 2018 

Hi List,
I recently noticed something very strange: although I run syslog-ng as
an unprivileged user (with -u log -g log), newly created logfiles were
owned by root. syslog-ng shows up running as user log in ps, as expected.

The culprit turned out to be linux capabilities. No problem I thought,
I just add a "--caps 'CAP_NET_BIND_SERVICE=epi'" command line parameter
(binding ports <1024 is the only capability I need). But then I was
getting flooded by messages like this:
syslog-ng[25657]: Error managing capability set, cap_set_proc returned an error; caps='= cap_net_bind_service+eip cap_fowner+e', error='Operation not permitted (1)'

In my opinion, there are 2 bugs in syslog-ng:
* if I tell a daemon to run as unprivileged user I do not expect it to
  write files as user root. What syslog-ng is doing basically is faking
  being an unprivileged user, while retaining capabilities which are
  equivalent to full root permissions.
  Syslog-ng should imho either run as root, with capabilities;
  OR as unprivileged user without capabilities (except those
  explicitly given in --caps)
* syslog-ng drops to the capabilities it gets told in --caps,
  but later g_process_cap_modify() ignores what was specified.

Some notes about my environment:
- the OS is an Ubuntu remix. I'm recompiling syslog-ng 3.11.1 from Ubuntu
  Artful, with some changed configure flags (see below)
- there are multiple syslog-ng instances running. One for the system
  itself (as root), and multiple other syslogs receiving incoming logs
  over udp/tcp (running as user log)

My syslog-ng version:
syslog-ng 3 (3.11.1)
Installer-Version: 3.11.1
Revision: 
Compile-Date: Apr 10 2017 14:06:00
Module-Directory: /usr/lib/syslog-ng/3.11
Module-Path: /usr/lib/syslog-ng/3.11
Available-Modules: disk-buffer,afsocket,afprog,system-source,kvformat,cef,affile,date,cryptofuncs,basicfuncs,confgen,pseudofile,csvparser,afuser,syslogformat,dbparser,linux-kmsg-format
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: off
Enable-TCP-Wrapper: off
Enable-Linux-Caps: on
Enable-Systemd: off

Thanks,
Dominik

More information about the syslog-ng mailing list