Public bug reported:
[Impact]
The rsyslog dmesg systemd unit /lib/systemd/system/dmesg.service in
eoan, focal, and groovy create /var/log/dmesg* with the following
permissions:
-rw-r--r-- 1 root adm 45146 Jun 16 12:32 /var/log/dmesg
Most other system logs in /var/log/ are only readable by root and group
adm.
While it's true that the kernel dmesg buffer by default can be read by
anyone using the dmesg(1) command, this can be disabled by setting the
sysctl kernel.dmesg_restrict to 1, but doing so as a hardening measure
is thwarted by the world readable nature of /var/log/dmesg.
The reason dmesg output is sensitive is that it sometimes contains
kernel addresses for diagnosing kernel problems, but attackers looking
to attack a kernel are also interested in kernel addresses and other
information that shows up there.
[Test Case]
To reproduce:
$ ls -l /var/log/dmesg*
should show only root and group adm access like so:
-rw-r----- 1 root adm 50178 Jun 23 12:55 /var/log/dmesg
-rw-r----- 1 root adm 50217 Jun 23 12:55 /var/log/dmesg.0
-rw-r----- 1 root adm 13941 Jun 23 12:47 /var/log/dmesg.1.gz
and not world readable:
-rw-r--r-- 1 root adm 45146 Jun 16 12:32 /var/log/dmesg
[Regression Potential]
It's possible tools like apport and others might expect /var/log/dmesg
to be world-readable.
** Affects: rsyslog (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1884887
Title:
rsyslogd dmesg unit leaves /var/log/dmesg* world readable
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1884887/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
