Fix syslog to not run as root in gutsy

Kees Cook kees at
Fri Sep 14 20:32:00 BST 2007

Hi Mathias,

On Fri, Sep 14, 2007 at 12:05:53PM -0400, Mathias Gug wrote:
> I've attached a patch to bug 120085 [1] that fixes the syslog daemon to not
> run under the root account, but under the syslog account. This is a
> regression that was introduced in Edgy (in Dapper, syslogd runs under
> the syslog account).
> So the question is whether it's too late in the release cycle to
> introduce such a change.

Personally, I think we should get it in.  It's a regression, not really
a "new feature", but we need to test it well.

> [1]

+   USER=$(echo ${SYSLOGD} | sed -e 's/^.*-u[[:space:]]*\([[:alnum:]]*\)[[:space:]]*.*$/\1/')
+# Unable to get the user under which syslogd should be running, stop.
+if [ -z "${USER}" ]
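
Review bot: on the sed line, the capture `\([[:alnum:]]*\)` stops at the first character that is not a letter or digit, so an account name containing `-` or `_` after `-u` is cut short to a non-empty prefix and the `[ -z "${USER}" ]` test below does not catch it. Widening the class to `[[:alnum:]_-]*` and running sed as `sed -n` with a trailing `p` flag on the substitution would give an empty result whenever nothing matches, which is the case the `-z` test is written for. `${SYSLOGD}` is also passed to `echo` unquoted, and the result is stored in `USER`, which shadows the standard environment variable of that name; quoting the expansion and using a script-specific name such as `SYSLOGD_USER` would avoid both.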

I think the user discovery needs to be more robust (if the sed fails,
then $USER is set to the entire contents of $SYSLOGD).  Perhaps have the
grep for -u match the sed line?

Kees Cook