Thanks to everyone who commented. I will now change the default to 700, which should not expose anything more than we already had (and also is a better default as I outlined). As we all have concluded that the previous default is buggy, I'll change it wherever the problem is, that means I start with v2-stable and will end up with a patch to all currently supported versions. You'll see announcements soon...
Rainer

> -----Original Message-----
> From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of [email protected]
> Sent: Sunday, April 12, 2009 4:54 AM
> To: rsyslog-users
> Subject: Re: [rsyslog] wrong permissons on directories
>
> On Thu, 9 Apr 2009, Rainer Gerhards wrote:
>
> >> -----Original Message-----
> >> From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of RB
> >>
> >> On Thu, Apr 9, 2009 at 06:19, Rainer Gerhards <[email protected]> wrote:
> >>> In other words: I am not yet fully convinced (even not after reading the rest
> >>> of your post ;)). But I am getting closer to being convinced ;)
> >>
> >> :) I haven't any further arguments, so we may have to stop halfway.
> >
> > Maybe some other folks cast their ballot - but it was probably not smart to
> > send this mail directly before Easter ;)
> >
> >> As a security "professional" (whatever that ends up meaning) I tend to
> >> prefer developers allow me to make that choice,
> >
> > Actually, it is your choice. Let me explain, in case there is a
> > misunderstanding. You have full control over the directory permissions, via
> > the $DirCreateMode [1] directive. For example, Michael Biebl was so smart to
> > include a "$DirCreateMode 0755" in the standard Debian configuration, so it
> > almost is a no-issue there. What I am talking about is the default for this
> > setting, the case when nothing was specified by the user.
> >
> >> but understand the
> >> balance you have to make between that and helping your users make wise
> >
> > I am not talking about wise vs. unwise decisions. My concern is that in
> > current releases, the default is off, but it also means it is somewhat
> > strict. If I now change the default (which would be wise), it may result in
> > relaxed access control permissions. And as this affects users who so far did
> > not care at all about the permissions, those users may never know - that is
> > what triggers some "bad feelings" inside me.
> >
> > As a side-note, I wonder if a default of 0700 might be even wiser than "755".
> > Who doesn't like that can override it. As the default is probably "pain in
> > the a..." for people, they would possibly begin thinking about that aspect
> > (but on the other hand I already envision all those smart web sites that tell
> > you just to use "$DirCreateMode 0777" to "fix the issue" - so this may even
> > be less useful than starting with 755 in the first place).
>
> the current default doesn't work at all, so it's definitely wrong.
>
> either 700 or 755 would be a better default. I can see arguments about
> system logs not being intended to be read by everyone, so if you want to
> run rsyslog as root having the default be 700 is reasonable.
>
> David Lang
>
> > The more I think about it, this whole issue is much less about technical
> > defaults but more about human nature ;)
> >
> >> (if erring on the side of cautious) decisions, particularly with
> >> "legacy" software.
> >
> > I hope this clarifies,
> > Rainer
> >
> > [1] http://www.rsyslog.com/doc-rsconf1_dircreatemode.html
> >
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com
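As an added example (not part of the original thread and not rsyslog code), the following audit classifies existing log directories against the modes discussed above: 700, 755, 777, and a mode without the owner search bit. The function names and finding labels are assumptions made for illustration, and the sample tree is constructed.

```python
import os
import stat
import tempfile


def classify_dir_mode(mode):
    """Return findings for one directory mode, e.g. 0o755 (labels are illustrative)."""
    perm = stat.S_IMODE(mode)
    findings = []
    if not perm & stat.S_IXUSR:
        # Without the owner search (x) bit a non-root owner cannot
        # create or open files inside the directory.
        findings.append("owner-cannot-traverse")
    if perm & stat.S_IWOTH:
        findings.append("world-writable")
    elif perm & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("open-beyond-owner")
    return findings


def audit_log_tree(root):
    """Map each subdirectory of root (relative path) to its findings; clean ones are omitted."""
    report = {}
    for dirpath, dirnames, _files in os.walk(root):
        for name in dirnames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: do not follow symlinks out of the tree
            if not stat.S_ISDIR(st.st_mode):
                continue
            findings = classify_dir_mode(st.st_mode)
            if findings:
                report[os.path.relpath(full, root)] = findings
    return report


if __name__ == "__main__":
    # Constructed sample tree standing in for a log directory tree.
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("strict", 0o700), ("relaxed", 0o755),
                           ("open", 0o777), ("no-search", 0o644)):
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, mode)
        for rel, findings in sorted(audit_log_tree(root).items()):
            print(f"{rel}: {', '.join(findings)}")
        os.chmod(os.path.join(root, "no-search"), 0o700)  # let cleanup succeed
```

Running such a check before and after changing `$DirCreateMode` shows which already-created directories keep their old mode, since the directive only applies to directories created afterwards.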

