[oe-commits] [meta-openembedded] 03/08: rsyslog: CVE-2015-3243
git at git.openembedded.org
Mon Aug 21 07:09:37 UTC 2017
This is an automated email from the git hooks/post-receive script.
martin_jansa pushed a commit to branch master-next
in repository meta-openembedded.
commit 13fef515d292ff571e5d68a8b1094e3f6d10a02a
Author: Zhixiong Chi <zhixiong.chi at windriver.com>
AuthorDate: Sun Aug 20 10:51:48 2017 +0800
rsyslog: CVE-2015-3243
rsyslog uses weak permissions for generating log files, which allows
local users to obtain sensitive information by reading files in
/var/log/cron.log
We add "create 0600 root root" to the /etc/logrotate.d/syslog file,
this will ensure the file is created with permissions when logrotate
runs. It is also recommended that users manually set the permissions
on existing or newly installed log files in order to prevent access
by untrusted users.
https://bugzilla.redhat.com/show_bug.cgi?id=1232826
CVE: CVE-2015-3243
Signed-off-by: Zhixiong Chi <zhixiong.chi at windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
---
meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate b/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate
index 94ec517..7960815 100644
--- a/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate
+++ b/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate
@@ -23,6 +23,9 @@
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
+{
+ create 0600 root root
+}
/var/log/debug
/var/log/messages
{
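Review bot: The added "{ ... }" block after /var/log/cron.log splits the file list in two, so user.log, lpr.log and cron.log (and any paths listed above them) now get only "create 0600 root root" and no longer share the block that opens after /var/log/messages. Whatever rotation directives that later block carries stop applying to those files, and /var/log/debug and /var/log/messages are left without the 0600 create mode. Suggest dropping the added braces and placing the single line "create 0600 root root" inside the existing block, so every listed log keeps its rotation settings and is also recreated with the restrictive mode.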
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.