Date: Mon, 20 Oct 2025 16:11:21 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 272552] Fix /var/log/messages and /var/run/dmesg.boot permissions when disabling read_msgbuf in the installer's hardening menu Message-ID: <bug-272552-227-gJGJD5TgKz@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-272552-227@https.bugs.freebsd.org/bugzilla/> References: <bug-272552-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D272552 --- Comment #10 from commit-hook@FreeBSD.org --- A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D549cba3c9d1e14fffa9a99ed7b6ee51eb= 6d20e51 commit 549cba3c9d1e14fffa9a99ed7b6ee51eb6d20e51 Author: Jose Luis Duran <jlduran@FreeBSD.org> AuthorDate: 2025-10-17 14:34:55 +0000 Commit: Jose Luis Duran <jlduran@FreeBSD.org> CommitDate: 2025-10-20 16:05:40 +0000 rc: dmesg: Allow umask to be configurable Allow umask to be configurable. Being able to set the umask via an rc variable is useful when setting: security.bsd.unprivileged_read_msgbuf=3D0 As it allows a user to configure: dmesg_umask=3D"066" Without modifying the rc script, and preventing the contents of the $dmesg_file (/var/run/dmesg.boot) from being publicly readable. PR: 272552 Reviewed by: netchild MFC after: 2 days Differential Revision: https://reviews.freebsd.org/D53169 (cherry picked from commit edadbc6ee95570627679f3bc14a1d5476d0ce339) libexec/rc/rc.conf | 1 + libexec/rc/rc.d/dmesg | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-272552-227-gJGJD5TgKz>