Bug#867747: rsyslog: /var/log/dmesg world-readable despite kernel.dmesg_restrict = 1

Dmitry Bogatov KAction at debian.org
Mon Jan 28 12:37:29 GMT 2019


control: tags -1 +moreinfo
control: forcemerge -1 570358

[2019-01-24 10:17] Pierre Ynard <linkfanel at yahoo.fr>
> > Interesting. On my system `/var/log/dmesg' is 640, root:adm, which is
> > quite restrictive. If I run `/etc/init.d/bootlogs' again, it stays so.
> >
> > But if I remove `/var/log/dmesg' and re-run `/etc/init.d/bootlogs',
> > `/var/log/dmesg' becomes 644.
> >
> > I believe an adjustment to `/etc/init.d/bootlogs' to check
> > `kernel.dmesg_restrict' is needed. By the way, any ideas how I could
> > have 640 `/var/log/dmesg' in the first place?
>
> initscripts's postinst script sets the permissions to 640 if the file
> doesn't exist.
>
> Setting /var/log/dmesg permissions according to kernel.dmesg_restrict
> seems to make sense but I'm a bit skeptical. I suppose that the way it
> keeps permissions set on it by the admin is both a bug and a feature.

Why are you skeptical? I do not see how syncing /var/log/dmesg
permissions with kernel.dmesg_restrict could break things. Or am I
missing something?

Merging with #570358, since a resolution of this bug would imply
a resolution of #570358.

-- 
        Note that I send and fetch email in batch, once every 24 hours.
               If the matter is urgent, try https://t.me/kaction
                                                                             --
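
Added example, not part of the original message and not the code of `/etc/init.d/bootlogs': one way a boot script could derive the mode of the dmesg log from kernel.dmesg_restrict. The function names, the parameterised paths and the policy of only ever tightening an existing file are assumptions made for illustration.

```sh
#!/bin/sh
# Illustrative sketch; function names and arguments are hypothetical.

# Print the mode a newly created dmesg log should get.
# $1: sysctl file to read (defaults to the real /proc entry).
dmesg_log_mode() {
    f=${1:-/proc/sys/kernel/dmesg_restrict}
    # A missing sysctl file means the kernel applies no restriction.
    restrict=$(cat "$f" 2>/dev/null) || restrict=0
    case "$restrict" in
        0) echo 644 ;;   # dmesg(1) is open to all users anyway
        *) echo 640 ;;   # kernel log restricted: no world-read copy
    esac
}

# Write stdin (the dmesg output) to the log file $1.
# $2: optional sysctl file, passed through to dmesg_log_mode.
write_dmesg_log() {
    log=$1
    mode=$(dmesg_log_mode "${2:-}")
    if [ ! -e "$log" ]; then
        # Create the file private first, so it is never world-readable
        # between creation and chmod.
        ( umask 077; : > "$log" ) && chmod "$mode" "$log"
    elif [ "$mode" = 640 ]; then
        # Existing file: keep what the admin set, but strip access for
        # "other" when the kernel restricts dmesg. Never loosen.
        chmod o-rwx "$log"
    fi
    # Redirection truncates and refills the file; its mode is preserved.
    # Ownership is not changed here.
    cat > "$log"
}

# Intended call from a boot script (commented out so that sourcing this
# file has no side effects):
#   dmesg | write_dmesg_log /var/log/dmesg
```

With this policy a removed log is recreated as 640 when kernel.dmesg_restrict is 1, and a file the admin has already tightened stays as it is when the sysctl is 0.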