[Bug 388608] Re: Don't run as root

Bug Watch Updater 388608 at bugs.launchpad.net
Fri Nov 22 09:26:56 UTC 2013 

Launchpad has imported 2 comments from the remote bug at
http://bugzilla.adiscon.com/show_bug.cgi?id=144.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2009-07-28T08:32:23+00:00 Rgerhards-j wrote:

Currently, rsyslog can not read the kernel log once it has dropped
privileges.

There has been an interesting note on the Ubuntu bug tracker [1] which
recommends using linux capabilities and CAP_SYS_ADMIN in particular.
Thanks to Michael Biebl for making me aware of that posting. I've dug a
bit and found a good entry article [2] that convinced me this is a good
solution. I just don't have the time to do it now, but hopefully within
the next two month.


[1] https://bugs.launchpad.net/rsyslog/+bug/388608/comments/9
[2] http://www.linuxjournal.com/article/5737

Reply at:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/388608/comments/10

------------------------------------------------------------------------
On 2009-11-12T13:49:49+00:00 Rgerhards-j wrote:

Further discussion with the Ubuntu folks made me know that they don't
consider it a good idea, because that capability sill has a lot of
power. Still I find it a useful addition, but I demote its priority.
Something to be done when not much more is left ;)

Reply at:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/388608/comments/11

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/388608

Title:
  Don't run as root

Status in Rsyslog:
  Confirmed
Status in “rsyslog” package in Ubuntu:
  Fix Released

Bug description:
  Binary package hint: rsyslog

  Right now rsyslog always runs as root.  Ideally it wouldn't.

  In particular, three things need to happen:
  1) Bug 250827 needs to be fixed, where the package creates the syslog user.
  2) We need to backport the upstream support for dropping privileges or update to 4.1.1 or later.
  3) We need to do something about reading /proc/kmsg.  sysklogd handled it by starting a dd process that shoveled the data to a syslog-readable location.  We may need a similar trick.

To manage notifications about this bug go to:
https://bugs.launchpad.net/rsyslog/+bug/388608/+subscriptions

More information about the foundations-bugs mailing list