From: Maxime Devos
Subject: [bug#57363] [PATCH 0/1] Set #o640 permissions for log file of shepherd service in container.
Date: Fri, 26 Aug 2022 16:48:40 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.12.0
On 23-08-2022 19:31, Arun Isaac wrote:
> However, when a shepherd service is run using make-forkexec-constructor/container, the log file has #o644 permissions. This patch corrects that.
There is a small window during which the log file has overly-wide permissions, which IIUC makes the log openable when it shouldn't, which could later be exploited (after the daemon has been running for a while) to extract anything secret written to the log by the service.
Try using (close (open log-file (logior O_CREAT O_APPEND O_CLOEXEC) #o600)) instead; that should make things atomic.
I do not know if clearing the log file is desired -- if so, remove O_APPEND; if not, keep O_APPEND.
Maybe O_RDONLY or O_WRONLY or O_RDWR needs to be added to make the call to 'open' succeed.
Greetings, Maxime
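The window Maxime describes, shown side by side with the atomic alternative, as an added Guile example that is not part of the thread or of the Guix/shepherd code. The file paths are constructed for the demo, O_WRONLY is added so the returned port is writable, and the resulting bits are compared against the mode after the process umask is applied, since open(2) always masks the requested mode.

```scheme
;; Added example (not from the thread or from shepherd): create-then-chmod
;; versus creating the log with an explicit mode in a single open(2) call.
(use-modules (ice-9 format))

(define (file-perms file)
  "Return the permission bits of FILE (mode & #o7777)."
  (stat:perms (stat file)))

(define (fresh! file)
  "Remove FILE if it exists so the demo always creates it anew."
  (false-if-exception (delete-file file)))

;; Racy variant: between creation and chmod the file carries the default
;; #o666 & ~umask (typically #o644).  A process that opens it during that
;; window keeps its descriptor after the chmod, so later log lines leak.
(define (create-log/racy file)
  (fresh! file)
  (call-with-output-file file (lambda (port) #t))
  (let ((before (file-perms file)))
    (chmod file #o640)
    (values before (file-perms file))))

;; Atomic variant, following the suggestion above: O_CREAT together with
;; the mode argument, so the file never exists with wider permissions.
;; O_APPEND keeps an existing log; drop it if truncation is wanted.
(define (open-log/atomic file)
  (fresh! file)
  (open file (logior O_WRONLY O_CREAT O_APPEND O_CLOEXEC) #o640))

(define (demo)
  ;; Constructed paths; any writable directory will do.
  (let* ((racy   "/tmp/shepherd-log-demo-racy.log")
         (atomic "/tmp/shepherd-log-demo-atomic.log")
         (expected (logand #o640 (lognot (umask)))))
    (call-with-values (lambda () (create-log/racy racy))
      (lambda (before after)
        (format #t "racy:   before chmod ~o, after chmod ~o~%" before after)))
    (let ((port (open-log/atomic atomic)))
      (display "first log line\n" port)
      (close port))
    (format #t "atomic: created with ~o (expected ~o given umask ~o)~%"
            (file-perms atomic) expected (umask))
    (fresh! racy)
    (fresh! atomic)))

(demo)
```

Run with `guile demo.scm`; with the usual umask of #o022 the racy variant reports #o644 before the chmod while the atomic variant is #o640 from the moment the file exists.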