syslogd(8) Dropping Privs

• Previous message: Nebi Gurbanov: "How to configure applications so that they could use hardware ssl accelerator"
• Next in thread: Neo-Vortex: "Re: syslogd(8) Dropping Privs"
• Reply: Neo-Vortex: "Re: syslogd(8) Dropping Privs"
• Reply: Colin Percival: "Re: syslogd(8) Dropping Privs"
• Reply: Darren Reed: "Re: syslogd(8) Dropping Privs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 4 Jun 2004 12:53:38 -0700
To: freebsd-security@freebsd.org

I made a quick change to syslogd(8) so that it can drop root
privileges immediately after starting up. It opens up the log
sockets (UNIX and network domains) and writes the PID files
before dropping privs. It drops privs before openning log
files and writing to users. Therefore, you would need to
modify your log file permissions appropriately. As for writing
to users, ttys generally are writeable by group tty. The UID
chosen to run syslogd as should be in this group if this feature
is desired.

We haven't had many syslogd(8) vulnerabilities lately, but one
less daemon running as root seems like a Good Thing. I do not
see any drawbacks from a security point of view. The log files
would have to be owned, or otherwise writeable, by this other
user, but so what. Obviously, I may be missing something.

Any interest in this? Let me know if you try it out and any
successes or failures.

Patches! CURRENT and RELENG_4 version attached. The documentation
is included as a patch to the syslogd(8) man page.

-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• text/plain attachment: syslogd.RELENG_4

• text/plain attachment: syslogd.CURRENT

• Previous message: Nebi Gurbanov: "How to configure applications so that they could use hardware ssl accelerator"
• Next in thread: Neo-Vortex: "Re: syslogd(8) Dropping Privs"
• Reply: Neo-Vortex: "Re: syslogd(8) Dropping Privs"
• Reply: Colin Percival: "Re: syslogd(8) Dropping Privs"
• Reply: Darren Reed: "Re: syslogd(8) Dropping Privs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Multi-Threading ... 100,000+ line log file and decided to use multi-threading as a solution to ... Multi-threading on the desktop is useful when you're executing long running ... getting the info is a problem or is writing it the database, ... Do Until intcount> intcount1 ... (microsoft.public.dotnet.languages.vb) Re: how to make my deamon depends on other ... No matter how your daemon is installed ... Does this make any sense in your app that the mydaemon's pid one more ... of the log file changed back to root who is the system-starting the ... I used in mydeamon script to change the owner of log file. ... (comp.unix.shell) Re: Hard Drive Space ... of the distribution, ... security problems it had over the life of the distribution. ... in the space, either the box is 0wn3d, or you have a process that is writing ... If you don't recall removing some log file manually, ... (linux.redhat) Re: Logrotate is a pain ... >>important feature is that the program, which writes the logfiles does ... > to have missed is that if you rename an open log file, ... > writing to it continues writing to it regardless of the name. ... You can simply put a simple line in it to send SIGHUP to your daemon and the ... (comp.os.linux.misc) Re: How to remove a single line from a flat file (Still very off-topic.) ... turn off syslog (so it's not writing to the file while you edit it), ... Editting includes rotating the log file, removing old entries, etc. ... part of the problem is the design of these files. ... more time/energy/money is spent on the admin juggling log files ... (comp.lang.tcl)