[oe-commits] [meta-openembedded] 03/08: rsyslog: CVE-2015-3243
ChenQi
Qi.Chen at windriver.com
Tue Aug 22 01:54:53 UTC 2017
Hi Martin,
Please help drop this patch. After discussing with Zhixiong, we think
this patch is not necessary.
Best Regards,
Chen Qi
On 08/21/2017 03:09 PM, git at git.openembedded.org wrote:
> This is an automated email from the git hooks/post-receive script.
>
> martin_jansa pushed a commit to branch master-next
> in repository meta-openembedded.
>
> commit 13fef515d292ff571e5d68a8b1094e3f6d10a02a
> Author: Zhixiong Chi <zhixiong.chi at windriver.com>
> AuthorDate: Sun Aug 20 10:51:48 2017 +0800
>
> rsyslog: CVE-2015-3243
>
> rsyslog uses weak permissions for generating log files, which allows
> local users to obtain sensitive information by reading files in
> /var/log/cron.log
>
> We add "create 0600 root root" to the /etc/logrotate.d/syslog file,
> this will ensure the file is created with permissions when logrotate
> runs. It is also recommended that users manually set the permissions
> on existing or newly installed log files in order to prevent access
> by untrusted users.
> https://bugzilla.redhat.com/show_bug.cgi?id=1232826
>
> CVE: CVE-2015-3243
>
> Signed-off-by: Zhixiong Chi <zhixiong.chi at windriver.com>
> Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
> ---
> meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate b/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate
> index 94ec517..7960815 100644
> --- a/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate
> +++ b/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate
> @@ -23,6 +23,9 @@
> /var/log/user.log
> /var/log/lpr.log
> /var/log/cron.log
> +{
> + create 0600 root root
> +}
> /var/log/debug
> /var/log/messages
> {
>
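Review bot: the new `{ create 0600 root root }` block placed right after /var/log/cron.log splits the file list in two. The files listed up to and including cron.log now get only the `create` directive and no longer fall under the block that opens after /var/log/messages, so whatever rotation options that block carries stop applying to them, while /var/log/debug and /var/log/messages keep that block but get no `create 0600 root root`. If the goal is restrictive permissions on all of these logs without changing how they are rotated, add `create 0600 root root` inside the existing block after /var/log/messages rather than introducing a second block. As the commit message itself notes, the directive only takes effect when logrotate runs, so files that exist before the first rotation keep their current mode.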