[oe] [meta-oe][PATCH] rsyslog: CVE-2015-3243

Zhixiong Chi zhixiong.chi at windriver.com
Sun Aug 20 02:51:48 UTC 2017


rsyslog uses weak permissions for generating log files, which allows
local users to obtain sensitive information by reading files in
/var/log/cron.log.

We add "create 0600 root root" to the /etc/logrotate.d/syslog file;
this will ensure the file is created with permissions when logrotate
runs. It is also recommended that users manually set the permissions
on existing or newly installed log files in order to prevent access
by untrusted users.
https://bugzilla.redhat.com/show_bug.cgi?id=1232826

CVE: CVE-2015-3243

Signed-off-by: Zhixiong Chi <zhixiong.chi at windriver.com>
---
 meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate b/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate
index 94ec517..7960815 100644
--- a/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate
+++ b/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate
@@ -23,6 +23,9 @@
 /var/log/user.log
 /var/log/lpr.log
 /var/log/cron.log
+{
+        create 0600 root root
+}
 /var/log/debug
 /var/log/messages
 {
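Review bot: The new block inserted right after /var/log/cron.log ends the file list at that point, so /var/log/user.log, /var/log/lpr.log, /var/log/cron.log and any paths listed above them now get only `create 0600 root root` from this file and are no longer covered by the block that opens at the trailing `{` line, while /var/log/debug and /var/log/messages keep that block but do not receive the create directive. If the intent is for all of these logs to be recreated with mode 0600 and to keep their existing rotation settings, add the single line `create 0600 root root` inside the existing block rather than introducing a second one. The commit message names only /var/log/cron.log as the exposed file, so it would also help to state which of the listed logs the mode change is meant to cover.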
-- 
1.9.1



