--- Begin Message ---
Subject: |
System log files are world readable |
Date: |
Fri, 03 Apr 2020 15:19:34 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) |
Hey Guix,
On Guix System the log files (in /var/log) generated by syslogd are
currently (commit 151f3d4) world readable. They should probably only be
readable by root (for the same reason that dmesg can only be run by
root).
It isn't possible to set the umask with fork-exec-constructor, is it?
Otherwise that might have been a simple solution.
Regards,
Diego
--- End Message ---
--- Begin Message ---
Subject: |
Re: bug#40405: System log files are world readable |
Date: |
Sun, 19 Apr 2020 16:28:24 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) |
Hi Diego,
Diego Nicola Barbato <address@hidden> skribis:
>>From 43c9ded791ce5b480504ce3528ee34578168f90e Mon Sep 17 00:00:00 2001
> From: Diego Nicola Barbato <address@hidden>
> Date: Tue, 7 Apr 2020 13:58:28 +0200
> Subject: [PATCH 1/2] service: Create log files as non-world-readable.
>
> * modules/shepherd/service.scm (exec-command): Create log-file with file
> permissions #o640.
[...]
>>From e491436967a912e6e7372f582b3bf5c9784b8209 Mon Sep 17 00:00:00 2001
> From: Diego Nicola Barbato <address@hidden>
> Date: Tue, 7 Apr 2020 13:38:47 +0200
> Subject: [PATCH 2/2] service: Add #:file-creation-mask to
> 'make-forkexec-constructor'.
>
> * modules/shepherd/service.scm (exec-command): Add #:file-creation-mask
> parameter and honor it.
> (fork+exec-command): Add #:file-creation-mask parameter and pass it to
> exec-command.
> (make-forkexec-constructor): Add #:file-creation-mask parameter and pass it
> to fork+exec-command.
> * doc/shepherd.texi (Service De- and Constructors): Adjust accordingly.
I went ahead and pushed these two patches.
We’ll need to test current Shepherd master on Guix, but I feel we’ve
accumulated enough improvements for a 0.7.1 release.
Thanks,
Ludo’.
--- End Message ---