Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Has development of SLiM ceased?
View unanswered posts
View posts from last 24 hours

Goto page Previous  1, 2  
Reply to topic    Gentoo Forums Forum Index Desktop Environments
View previous topic :: View next topic  
Author Message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 13498

PostPosted: Sat Dec 16, 2017 12:18 am    Post subject: Reply with quote

Correct, but the problem is that the privileged process opens the file (which succeeds), then incorrectly permits an unprivileged process to inherit the descriptor. Per standard permission rules, once inherited, the unprivileged process can use that descriptor even though it could not open a corresponding descriptor using its own credentials.

Log rotation would mitigate the problem, but logs can be filled far more quickly than logrotate would normally poll, so there would be a period where the log was full even if logrotate did eventually rotate it out. Setting permissions on the newly created logfile doesn't matter here, since the log is opened by a privileged process.
Back to top
View user's profile Send private message
ct85711
Veteran
Veteran


Joined: 27 Sep 2005
Posts: 1692

PostPosted: Sat Dec 16, 2017 1:48 am    Post subject: Reply with quote

I know for my system, the size of my slim.log file(s) are not even 1K using standard logging levels, even all of the archived older copies of the log compressed didn't even exceed 1k in size. Now assuming, gz and bzip2 managed to get some really amazing compression levels on this log; I seriously doubt it would exceed 100k uncompressed. So going by the premise that you are not concerned about this log/worried about the size exploding; you wouldn't have the logging level set to the most verbose/debugging levels. Going by a simple thing of having that log rotated daily and only 1 archive copy (sure, would be rather excessive); I'd be really surprised if both logs take up more than 500k of space total. As it is, I get more logs in the messages log than I get in all of my slim logs combined for a single day; mostly of the same repeating trash of cron running every 10 mins/hourly and messages from dhcpcd. For my slim log, I am only getting these messages:

Code:
Oate /home/ct85711 # zcat /var/log/slim.log-20171126.gz
slim: unexpected signal 15

slim: waiting for X server to shut down

slim: waiting for X server to begin accepting connections.

slim: waiting for X server to shut down

slim: waiting for X server to begin accepting connections.
slim: unexpected signal 15

slim: waiting for X server to shut down

slim: waiting for X server to begin accepting connections.


So before we go too far on if the file permissions, we should determine if there is some in there can can be compromising to begin with. If the messages in his log is the same, do we really care if the permission isn't really secure 100% of the time. Now assuming most of the time it is the same messages; and the unlikely to rare time it does have something for more value; how much of a security risk is it to not worry about the file permissions and just have the log cycled daily? Now my thinking is, you should first monitor the log for a while and see if it does contain something that is something to be concerned about, but also monitor the frequency too. If it is an rare situation, then obviously this isn't something to worry about besides having the file rotated on a regular basis to minimize file growth.

The logs that I'd be more concerned about on having a higher chance of containing more sensitive information and/or growing to a large size at a faster rate would be the Xorg.{0,1).log, messages, dmesg, emerge.log, and lastlog. All of those, I regularly see it have a size exceeding 100k or more. Even then, on my system, only Xorg log and lastlog have permissions allowing anyone to read. Yes I am aware lastlog is in binary format, but even doing cat on it, I manage to identify a ip address in it without any difficulty.
Back to top
View user's profile Send private message
krinn
Watchman
Watchman


Joined: 02 May 2003
Posts: 6965

PostPosted: Sat Dec 16, 2017 7:24 am    Post subject: Reply with quote

mv wrote:
Actually, I am not even sure what the security issue is. In my case, &3 is not accessible.

I cannot reproduce it too.
Back to top
View user's profile Send private message
bunder
Bodhisattva
Bodhisattva


Joined: 10 Apr 2004
Posts: 5801

PostPosted: Sat Dec 16, 2017 9:29 am    Post subject: Reply with quote

slim works just fine for me, with xorg+mate.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Desktop Environments All times are GMT
Goto page Previous  1, 2
Page 2 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum