Updated groovy debdiff against the merge from debian currently in

** Patch added: "rsyslog_8.2006.0-2ubuntu2.debdiff"

** Patch removed: "rsyslog_8.2001.0-1ubuntu2.debdiff"

You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in Ubuntu.

  rsyslogd dmesg unit leaves /var/log/dmesg* world readable

Status in rsyslog package in Ubuntu:

Bug description:

  The rsyslog dmesg systemd unit /lib/systemd/system/dmesg.service in
  eoan, focal, and groovy create /var/log/dmesg* with the following

    -rw-r--r-- 1 root adm 45146 Jun 16 12:32 /var/log/dmesg

  Most other system logs in /var/log/ are only readable by root and
  group adm.

  While it's true that the kernel dmesg buffer by default can be read by
  anyone using the dmesg(1) command, this can be disabled by setting the
  sysctl kernel.dmesg_restrict to 1, but doing so as a hardening measure
  is thwarted by the world readable nature of /var/log/dmesg.

  The reason dmesg output is sensitive is that it sometimes contains
  kernel addresses for diagnosing kernel problems, but attackers looking
  to attack a kernel are also interested in kernel addresses and other
  information that shows up there.

  [Test Case]

  To reproduce:

   $ ls -l /var/log/dmesg*

  should show only root and group adm access like so:

   -rw-r----- 1 root adm 50178 Jun 23 12:55 /var/log/dmesg
   -rw-r----- 1 root adm 50217 Jun 23 12:55 /var/log/dmesg.0
   -rw-r----- 1 root adm 13941 Jun 23 12:47 /var/log/dmesg.1.gz

  and not world readable:

   -rw-r--r-- 1 root adm 45146 Jun 16 12:32 /var/log/dmesg

  [Regression Potential]

  It's possible tools like apport and others might expect /var/log/dmesg
  to be world-readable.

To manage notifications about this bug go to:

Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to