Fix syslog to not run as root in gutsy
Kees Cook
kees at ubuntu.com
Fri Sep 14 20:32:00 BST 2007
Hi Mathias,
On Fri, Sep 14, 2007 at 12:05:53PM -0400, Mathias Gug wrote:
> I've attached a patch to bug 120085 [1] that fixes the syslog daemon to not
> run under the root account, but under the syslog account. This is a
> regression that was introduced in Edgy (in Dapper, syslogd runs under
> the syslog account).
>
> So the question is whether it's too late in the release cycle to
> introduce such a change.
Personally, I think we should get it in. It's a regression, not really
a "new feature", but we need to test it well.
> [1] https://bugs.launchpad.net/ubuntu/+source/sysklogd/+bug/120085
+ USER=$(echo ${SYSLOGD} | sed -e 's/^.*-u[[:space:]]*\([[:alnum:]]*\)[[:space:]]*.*$/\1/')
+fi
+
+# Unable to get the user under which syslogd should be running, stop.
+if [ -z "${USER}" ]
I think the user discovery needs to be more robust (if the sed fails,
then $USER is set to the entire contents of $SYSLOGD). Perhaps have the
grep for -u match the sed line?
--
Kees Cook
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20070914/c0bc3672/attachment.pgp
More information about the ubuntu-devel
mailing list