From: "Crist J. Clark" <cristjc@comcast.net>
To: Darren Reed
Cc: freebsd-security@freebsd.org
Date: Mon, 7 Jun 2004 13:27:45 -0700
Subject: Re: syslogd(8) Dropping Privs
Message-ID: <20040607202745.GA75747@blossom.cjclark.org>
In-Reply-To: <200406050821.i558LUtm003296@caligula.anu.edu.au>
References: <20040604195338.GA50275@blossom.cjclark.org> <200406050821.i558LUtm003296@caligula.anu.edu.au>
Reply-To: cjclark@alum.mit.edu
List-Id: Security issues [members-only posting]

On Sat, Jun 05, 2004 at 06:21:29PM +1000, Darren Reed wrote:
> ...and this works in the case of SIGHUP too ?
>
> i.e. re-read syslogd.conf and can open new files r/w root only ?

Syslogd(8) does NOT run as root by the time log files are opened at startup or a reconfig (SIGHUP). As I stated in the original message, the log files will have to be writable by the user. Same goes for writing messages to users via their ttys.

Although having things set up otherwise is probably rare, make sure that the user can read the configuration file.

What do we do while still root? Open the UNIX domain log sockets (/var/run/log and any others specified) and open the network socket (514/udp by default or whatever specified). The PID file is also written while still root.

I'm thinking of writing a "conversion" script to make the required changes.

-- 
Crist J. Clark                     | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/    | cjc@freebsd.org
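Added example, not code from the thread or from FreeBSD's syslogd: a POSIX shell check in the spirit of the "conversion" script mentioned above. It lists the plain-file destinations in a syslog.conf (skipping comments, `@host` forwarding, user lists, `*` and section lines) and reports any that the unprivileged account syslogd drops to could not open for writing, judged by owner and mode bits from `ls -ld`. The account name, config path and sample entries are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example, not FreeBSD's syslogd code. Lists file targets from a
# syslog.conf and flags those the unprivileged syslogd user could not
# open for writing once privileges have been dropped.

# Print the file destinations (absolute paths) named in a syslog.conf.
# The action is the last whitespace-separated field; file actions start
# with "/" (a leading "-" for unsynced writes, used by some syslogds, is ignored).
syslog_file_targets() {
    conf=$1
    # Strip comments/blank lines; ignore "!prog" / "+host" section lines.
    sed -e 's/#.*//' "$conf" | awk 'NF >= 2 && $1 !~ /^[!+-]/ {
        a = $NF; sub(/^-/, "", a)
        if (a ~ /^\//) print a
    }' | sort -u
}

# Return 0 if USER could write FILE via the owner or group bit, else 1.
# Uses ls -ld rather than stat(1) so it works on both BSD and GNU userland.
user_can_write() {
    user=$1; file=$2
    [ -e "$file" ] || return 1
    set -- $(ls -ld "$file")   # $1=mode $3=owner $4=group
    mode=$1; owner=$3; group=$4
    if [ "$owner" = "$user" ]; then
        case $mode in ??w*) return 0;; esac
    fi
    # Group-writable and the user is a member of the file's group.
    case $mode in ?????w*)
        for g in $(id -Gn "$user" 2>/dev/null); do
            [ "$g" = "$group" ] && return 0
        done;;
    esac
    return 1
}

# Print, one per line, the targets of CONF that USER could not write.
unwritable_targets() {
    conf=$1; user=$2
    for f in $(syslog_file_targets "$conf"); do
        user_can_write "$user" "$f" || printf '%s\n' "$f"
    done
}
```

Typical use on a live system would be `unwritable_targets /etc/syslog.conf <unprivileged-user>`; an empty result means every file target is already writable without root.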