[Bug 1884887] Re: rsyslogd dmesg unit leaves /var/log/dmesg* world readable

Ubuntu Foundations Team Bug Bot 1884887 at bugs.launchpad.net
Wed Jun 24 08:27:18 UTC 2020


The attachment "rsyslog_8.2001.0-1ubuntu2.debdiff" seems to be a
debdiff.  The ubuntu-sponsors team has been subscribed to the bug report
so that they can review and hopefully sponsor the debdiff.  If the
attachment isn't a patch, please remove the "patch" flag from the
attachment, remove the "patch" tag, and if you are a member of the
~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issue please contact him.]

** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1884887

Title:
  rsyslogd dmesg unit leaves /var/log/dmesg* world readable

Status in rsyslog package in Ubuntu:
  New

Bug description:
  [Impact]

  The rsyslog dmesg systemd unit /lib/systemd/system/dmesg.service in
  eoan, focal, and groovy creates /var/log/dmesg* with the following
  permissions:

    -rw-r--r-- 1 root adm 45146 Jun 16 12:32 /var/log/dmesg

  Most other system logs in /var/log/ are only readable by root and
  group adm.

  While it's true that the kernel dmesg buffer by default can be read by
  anyone using the dmesg(1) command, this can be disabled by setting the
  sysctl kernel.dmesg_restrict to 1, but doing so as a hardening measure
  is thwarted by the world readable nature of /var/log/dmesg.

  The reason dmesg output is sensitive is that it sometimes contains
  kernel addresses for diagnosing kernel problems, but attackers looking
  to attack a kernel are also interested in kernel addresses and other
  information that shows up there.

  [Test Case]

  To reproduce:

   $ ls -l /var/log/dmesg*

  should show only root and group adm access like so:

   -rw-r----- 1 root adm 50178 Jun 23 12:55 /var/log/dmesg
   -rw-r----- 1 root adm 50217 Jun 23 12:55 /var/log/dmesg.0
   -rw-r----- 1 root adm 13941 Jun 23 12:47 /var/log/dmesg.1.gz

  and not world readable:

   -rw-r--r-- 1 root adm 45146 Jun 16 12:32 /var/log/dmesg

  [Regression Potential]

  It's possible tools like apport and others might expect /var/log/dmesg
  to be world-readable.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1884887/+subscriptions
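
Added example (not part of the bug report or of the rsyslog package): a shell check for the condition described under [Impact] and [Test Case], flagging dmesg* log copies whose other-read bit undermines kernel.dmesg_restrict=1. The function names, the return codes, and the overridable directory and sysctl-file arguments are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit on-disk dmesg copies against kernel.dmesg_restrict.
# Function names, return codes and arguments are illustrative assumptions.

# Print every dmesg* regular file directly in $1 that has the
# "other read" permission bit (0004) set, one path per line.
world_readable_dmesg() {
    find "$1" -maxdepth 1 -type f -name 'dmesg*' -perm -004 | sort
}

# $1 = log directory (default /var/log)
# $2 = file holding the dmesg_restrict value
#      (default /proc/sys/kernel/dmesg_restrict)
# Returns 0 if no copy is world readable,
#         1 if dmesg_restrict=1 but a copy is world readable,
#         2 if a copy is world readable and the restriction is off or unknown.
audit_dmesg() {
    dir=${1:-/var/log}
    restrict_file=${2:-/proc/sys/kernel/dmesg_restrict}
    restrict=$(cat "$restrict_file" 2>/dev/null || echo unknown)
    exposed=$(world_readable_dmesg "$dir")

    if [ -z "$exposed" ]; then
        echo "OK: no world-readable dmesg logs in $dir (dmesg_restrict=$restrict)"
        return 0
    fi

    echo "$exposed" | while IFS= read -r f; do
        echo "WORLD-READABLE: $f"
    done

    if [ "$restrict" = "1" ]; then
        echo "FAIL: kernel.dmesg_restrict=1, but the files above expose the same data"
        return 1
    fi
    echo "WARN: dmesg_restrict=$restrict; setting it to 1 would not cover the files above"
    return 2
}
```

Calling `audit_dmesg` with no arguments checks /var/log against the running kernel's setting.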


