Date: Tue, 1 Dec 1998 09:19:10 -0500
From: Keith Stevenson
To: "Open Systems Inc."
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: chflags sappnd and secure level 3 question...

On Mon, Nov 30, 1998 at 06:29:45PM -0600, Open Systems Inc. wrote:
>
> Ok apparently I don't quite grok what the problem is here.
> I have a firewall box running secure level 3.
> With ALL the log files in /var/log/* set with sappnd.
> But newsyslog keeps spitting out:
>
> newsyslog: can't start new log: Operation not permitted
>
> I thought sappnd would allow root to append files. Do I have that part
> right?

True, sappnd will allow root (or any other user with sufficient permission)
to _append_ to a file. Newsyslog, however, doesn't append.
A quick reading of the newsyslog source
(/usr/src/usr.sbin/newsyslog/newsyslog.c on my system) shows that newsyslog
actually does a rename(2) on the file as it rotates the file. Since this
syscall modifies the file's inode, it is forbidden at high securelevels.

If you want newsyslog to be able to rotate the log files in a high security
environment you will need to use the uappnd flag. This will prevent non-root
processes from doing anything other than appending to the file. Root can do
whatever root wants. This is probably not a good solution for a firewall,
since it effectively negates most of the security benefits of running at the
high securelevel.

In my environment, I have the luxury of a regularly scheduled downtime
period. (It's bad for the uptime statistics, but wonderful for getting work
done!) During these scheduled downtime periods, I take the servers to single
user mode and run a script which removes the sappnd flags, runs newsyslog,
and then replaces the sappnd flags. (I've removed newsyslog from my crontab.)

Regards,
--Keith Stevenson--

-- 
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
k.stevenson@louisville.edu
PGP key fingerprint = 4B 29 A8 95 A8 82 EA A2 29 CE 68 DE FC EE B6 A0
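The maintenance-window procedure described in the reply above, sketched as an added example; it is not part of the original message and is not the author's own script. The function names, the LOGDIR variable, the `--run` switch and the securelevel guard are assumptions, as is treating every regular file directly under LOGDIR as sappnd-protected (the setup the original poster describes).

```shell
#!/bin/sh
# Added example: rotate sappnd-protected logs during scheduled downtime.
# Assumption: every regular file directly under LOGDIR carries sappnd.
LOGDIR="${LOGDIR:-/var/log}"

# Apply one chflags keyword (sappnd or nosappnd) to each regular file in
# LOGDIR. Keeps going after a failure so a relock covers as much as possible.
set_log_flags() {
    st=0
    for f in "$LOGDIR"/*; do
        [ -f "$f" ] || continue
        chflags "$1" "$f" || st=1
    done
    return "$st"
}

rotate_locked_logs() {
    # System flags can only be cleared while kern.securelevel is below 1
    # (for example after booting to single-user mode). Refuse otherwise,
    # before touching any file.
    level=$(sysctl -n kern.securelevel) || return 2
    if [ "$level" -ge 1 ]; then
        echo "securelevel is $level; boot to single-user mode first" >&2
        return 2
    fi

    rc=0
    if set_log_flags nosappnd; then
        newsyslog || rc=$?
    else
        rc=1
    fi

    # Always put the flags back, even when unlocking or rotation failed,
    # so an error never leaves the logs unprotected.
    set_log_flags sappnd || rc=1
    return "$rc"
}

# Runs only when invoked as: sh rotate-locked-logs.sh --run
if [ "${1:-}" = "--run" ]; then
    rotate_locked_logs
fi
```

The relock pass also covers the fresh log files that newsyslog creates, which start out without the flag.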