From owner-svn-src-all@freebsd.org Mon Jul 15 03:23:55 2019
From: "Enji Cooper (yaneurabeya)"
Date: Sun, 14 Jul 2019 20:23:51 -0700
Subject: Re: svn commit: r349974 - head/libexec/rc/rc.d
To: Ian Lepore
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
In-Reply-To: <201907131607.x6DG7cTR067202@repo.freebsd.org>
References: <201907131607.x6DG7cTR067202@repo.freebsd.org>
Message-Id: <4D2DD5FF-3BEE-42F7-B4D1-41C399740551@gmail.com>

> On Jul 13, 2019, at 09:07, Ian Lepore wrote:
>
> Author: ian
> Date: Sat Jul 13 16:07:38 2019
> New Revision: 349974
> URL: https://svnweb.freebsd.org/changeset/base/349974
>
> Log:
> Limit access to system accounting files.
>
> In 2013 the security chapter of the Handbook was updated in r42501 to
> suggest limiting access to the system accounting file [*1] by creating the
> initial file with a mode of 0600. This was in part based on a discussion in
> the forums [*2]. Unfortunately, this advice is overridden by the fact that a
> new file is created as part of periodic daily processing, and the file mode
> is set by the rc.d/accounting script.
>
> These changes update the accounting script to create the directory with mode
> 0750 if it doesn't already exist, and to create the daily file with mode
> 0640. This limits write access to root only, read access to root and members
> of wheel, and eliminates world access completely. For admins who want to
> prevent even members of wheel from accessing the files, the mode of the
> /var/account directory can be manually changed to 0700, because the script
> never creates or changes that directory if it already exists.
>
> The accounting_rotate_log() function now also handles the error cases of no
> existing log file to rotate, and attempting to rotate the file multiple
> times (.0 file already exists).
>
> Another small change here eliminates the complexity of the mktemp/chmod/mv
> sequence for creating a new acct file by using install(1) with the flags
> needed to directly create the file with the desired ownership and
> modes. That allows coalescing two separate if checkyesno accounting_enable
> blocks into one.
>
> These changes were inspired by my investigation of PR 202203.
>
> [1] https://www.freebsd.org/doc/handbook/security-accounting.html
> [2] http://forums.freebsd.org/showthread.php?t=41059
>
> PR: 202203
> Differential Revision: https://reviews.freebsd.org/D20876

Does this deserve a “Relnotes: yes”…?

Thanks!
-Enji
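
The behaviour the quoted commit log describes, as an added sh sketch that is not the FreeBSD rc.d/accounting script and not part of either message. The names `ACCT_DIR`, `mode_of`, `ensure_acct_dir`, `new_acct_file` and `rotate_acct` are assumptions, and the ownership flags are left out so it can run unprivileged against a scratch directory.

```sh
#!/bin/sh
# Added illustration; not the FreeBSD rc.d/accounting script.
# ACCT_DIR and all function names are assumptions for this sketch.

ACCT_DIR="${ACCT_DIR:-/var/account}"
ACCT_FILE="$ACCT_DIR/acct"

# Print a path's permission bits in octal (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create the directory only when it is missing, so a stricter mode an admin
# set by hand (for example 0700) on an existing directory is never changed.
ensure_acct_dir() {
    [ -d "$ACCT_DIR" ] || install -d -m 0750 "$ACCT_DIR"
}

# Create an empty log with its final mode in one step. The resulting mode
# does not depend on the caller's umask. As root, add -o and -g to set the
# owner and group in the same call.
new_acct_file() {
    install -m 0640 /dev/null "$ACCT_FILE"
}

# Rotate acct -> acct.0, refusing the two error cases the log message names.
rotate_acct() {
    if [ ! -e "$ACCT_FILE" ]; then
        echo "no log file to rotate: $ACCT_FILE" >&2; return 1
    fi
    if [ -e "$ACCT_FILE.0" ]; then
        echo "already rotated: $ACCT_FILE.0 exists" >&2; return 2
    fi
    mv "$ACCT_FILE" "$ACCT_FILE.0" && new_acct_file
}
```

To try it, set `ACCT_DIR` to a directory under `mktemp -d` before sourcing the file, then compare `mode_of` output before and after each call.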