Package: syslog-ng
Version: 3.1.3-1
Severity: grave
Tags: security

Hello,

On kfreebsd-i386, installing the syslog-ng package with its default configuration files, sets the permissions of system log files including /var/log/messages, daemon.log, auth.log and perhaps others to -rwsrwsrwt. This happens whether the files previously existed or not.

This makes these log files world-readable, despite the perm(0640) setting in syslog-ng.conf. Non-privileged users can also truncate or append to these files, but doing so seems to remove the setuid/setgid bits.

There may be a potential for root privilege escalation if a user can cause syslog-ng to write executable commands to one of these log files. The files are not normally executable (text file busy) whilst syslog-ng has them open for writing, but upon the next run of logrotate, the file permissions including setuid/setgid bits are preserved.

-- typescript

r...@kfreebsd-i386:/var/log# ls -al
total 4
drwxr-xr-x  2 root root 1024 Dec 31 12:00 .
drwxr-xr-x 13 root root  512 Dec 26 21:08 ..
r...@kfreebsd-i386:/var/log# apt-get --yes install syslog-ng
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
  libdbd-mysql libdbd-pgsql libdbd-sqlite3
The following NEW packages will be installed:
  syslog-ng
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/315 kB of archives.
After this operation, 629 kB of additional disk space will be used.
Selecting previously deselected package syslog-ng.
(Reading database ... 21539 files and directories currently installed.)
Unpacking syslog-ng (from .../syslog-ng_3.1.3-1_kfreebsd-i386.deb) ...
Processing triggers for man-db ...
Setting up syslog-ng (3.1.3-1) ...
Starting system logging: syslog-ng.
localepurge: Disk space freed in /usr/share/locale: 0 KiB
localepurge: Disk space freed in /usr/share/man: 0 KiB
Total disk space freed by localepurge: 0 KiB
r...@kfreebsd-i386:/var/log# ls -al
total 12
drwxr-xr-x  3 root root  512 Dec 31 12:00 .
drwxr-xr-x 13 root root  512 Dec 26 21:08 ..
drwxr-xr-x  2 root root  512 Dec 31 12:00 apt
-rw-r--r--  1 root root 1197 Dec 31 12:00 dpkg.log
-rwsrwsrwt  1 root adm   206 Dec 31 12:00 messages
-rwsrwsrwt  1 root adm   206 Dec 31 12:00 syslog

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: kfreebsd-i386 (i686)

Kernel: kFreeBSD 8.1-1-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages syslog-ng depends on:
ii  libc0.1       2.11.2-7          Embedded GNU C Library: Shared lib
ii  libdbi0       0.8.2-3           Database Independent Abstraction L
ii  libevtlog0    0.2.8~1-2         Syslog event logger library
ii  libglib2.0-0  2.24.2-1          The GLib library of C routines
ii  libnet1       1.1.4-2           library for the construction and h
ii  libpcre3      8.02-1.1          Perl 5 Compatible Regular Expressi
ii  libssl0.9.8   0.9.8o-4          SSL shared libraries
ii  libwrap0      7.6.q-19          Wietse Venema's TCP wrappers libra
ii  lsb-base      3.2-23.1          Linux Standard Base 3.2 init scrip
ii  zlib1g        1:1.2.3.4.dfsg-3  compression library - runtime

Versions of packages syslog-ng recommends:
ii  logrotate     3.7.8-6           Log rotation utility

Versions of packages syslog-ng suggests:
pn  libdbd-mysql    <none>          (no description available)
pn  libdbd-pgsql    <none>          (no description available)
pn  libdbd-sqlite3  <none>          (no description available)

-- no debconf information

Thanks,
Regards,
-- 
Steven Chamberlain
[email protected]
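
A check for the condition reported above, as an added example that is not part of the original report or of syslog-ng: it walks a log directory and flags regular files carrying setuid, setgid or sticky bits, or any access beyond an expected mode. The function names, the default directory and the 0640 baseline (taken from the perm(0640) setting the report mentions) are assumptions of this example.

```python
import os
import stat
import sys

EXPECTED_MODE = 0o640  # assumption: mirrors the perm(0640) setting cited in the report
OTHER_RW = stat.S_IROTH | stat.S_IWOTH


def mode_findings(mode, expected=EXPECTED_MODE):
    """Return the list of problems for one st_mode value of a regular file."""
    perms = stat.S_IMODE(mode)
    findings = []
    # Special bits have no place on a log file; -rwsrwsrwt sets all three.
    for bit, label in ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"),
                       (stat.S_ISVTX, "sticky")):
        if perms & bit:
            findings.append(label)
    if perms & stat.S_IWOTH:
        findings.append("world-writable")
    if perms & stat.S_IROTH:
        findings.append("world-readable")
    # Remaining rwx bits not granted by the expected mode (execute, group write...).
    extra = perms & 0o777 & ~expected & ~OTHER_RW
    if extra:
        findings.append("extra-bits:%04o" % extra)
    return findings


def scan_log_dir(path, expected=EXPECTED_MODE):
    """Walk path without following symlinks; map file path -> findings."""
    report = {}
    for root, _dirs, files in os.walk(path):
        for name in files:
            full = os.path.join(root, name)
            st = os.lstat(full)
            if stat.S_ISREG(st.st_mode):
                findings = mode_findings(st.st_mode, expected)
                if findings:
                    report[full] = findings
    return report


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/log"
    result = scan_log_dir(target)
    for path in sorted(result):
        mode = stat.filemode(os.lstat(path).st_mode)
        print("%s %s: %s" % (mode, path, ", ".join(result[path])))
    sys.exit(1 if result else 0)
```

Files that other packages deliberately create with a wider mode, such as the 0644 dpkg.log in the listing, are reported as world-readable against the 0640 baseline; pass a different expected mode for those.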

