From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 07 03:30:40 2020 Received: (at 40405) by debbugs.gnu.org; 7 Apr 2020 07:30:40 +0000 Received: from localhost ([127.0.0.1]:49500 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jLigy-0003Ne-2r for submit@debbugs.gnu.org; Tue, 07 Apr 2020 03:30:40 -0400 Received: from eggs.gnu.org ([209.51.188.92]:55533) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jLigw-0003NA-1a for 40405@debbugs.gnu.org; Tue, 07 Apr 2020 03:30:38 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:49721) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1jLigq-00029n-CL; Tue, 07 Apr 2020 03:30:32 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=45300 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jLigp-00023j-Nw; Tue, 07 Apr 2020 03:30:32 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Bengt Richter Subject: Re: bug#40405: System log files are world readable References: <87v9mg1zbt.fsf@GlaDOS.home> <874ktxh99k.fsf@gnu.org> <87blo4clpp.fsf@gnu.org> <20200407004958.GA8760@LionPure> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 19 Germinal an 228 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Tue, 07 Apr 2020 09:30:29 +0200 In-Reply-To: <20200407004958.GA8760@LionPure> (Bengt Richter's message of "Tue, 7 Apr 2020 02:49:58 +0200") Message-ID: <87zhbnbvmy.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 40405 Cc: 40405@debbugs.gnu.org, Diego Nicola Barbato X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hi, Bengt Richter skribis: > On +2020-04-07 00:07:14 +0200, Ludovic Court=C3=A8s wrote: >> Hi, >>=20 >> Ludovic Court=C3=A8s skribis: >>=20 >> > In the meantime, the patch below fixes the syslogd problem. Also >> > attached is a patch for the accounting database, though that one is >> > questionable. >>=20 >> I pushed the syslog bits along with a test as commit >> d7113bb655ff80a868a9e624c913f9d23e6c63ad. (I think already >> world-readable files will remain world-readable though?) >> > > Could build daemons do some kind of maintenance rebuild to chmod them? > And maybe be scheduled to monitor new files for other mistakes as well? Yes, we could do that, I just haven=E2=80=99t checked if this is necessary = or thought about how to do it. > Meanwhile, could a superuser chmod them without affecting hashes? Definitely. (There=E2=80=99s no =E2=80=9Chashing=E2=80=9D involved for /va= r/log.) Ludo=E2=80=99.