[ovs-dev,RFC] make logs readable only by owner

Message ID be41432d52cb0095a048b84439e2506550df6c49.1489661081.git.tredaelli@redhat.com
State Superseded
Headers show

Commit Message

Timothy Redaelli March 16, 2017, 2:03 p.m.
The Open vSwitch log directory and files are currently set world readable.

However, since only Open vSwitch users and processes need to access this
directory and files there is no need to allow the world to access them,
since it can result in the exposure of sensitive information.

Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
---
 lib/vlog.c           | 2 +-
 utilities/ovs-lib.in | 5 +++--
 utilities/ovs-pki.in | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)

I didn't change the MKDIR_P in automake.mk since it will be removed in
https://patchwork.ozlabs.org/patch/737029/

Comments

Ben Pfaff April 15, 2017, 4 a.m. | #1
On Thu, Mar 16, 2017 at 03:03:47PM +0100, Timothy Redaelli wrote:
> The Open vSwitch log directory and files are currently set world readable.
> 
> However, since only Open vSwitch users and processes need to access this
> directory and files there is no need to allow the world to access them,
> since it can result in the exposure of sensitive information.
> 
> Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
> ---
>  lib/vlog.c           | 2 +-
>  utilities/ovs-lib.in | 5 +++--
>  utilities/ovs-pki.in | 2 +-
>  3 files changed, 5 insertions(+), 4 deletions(-)
> 
> I didn't change the MKDIR_P in automake.mk since it will be removed in
> https://patchwork.ozlabs.org/patch/737029/

I agree with the intent of this patch.

On my Debian system, most logs are group- as well as owner-readable.
Are Red Hat systems different in this way?

Patch

diff --git a/lib/vlog.c b/lib/vlog.c
index 333337b..6f709fd 100644
--- a/lib/vlog.c
+++ b/lib/vlog.c
@@ -360,7 +360,7 @@  vlog_set_log_file(const char *file_name)
     new_log_file_name = (file_name
                          ? xstrdup(file_name)
                          : xasprintf("%s/%s.log", ovs_logdir(), program_name));
-    new_log_fd = open(new_log_file_name, O_WRONLY | O_CREAT | O_APPEND, 0666);
+    new_log_fd = open(new_log_file_name, O_WRONLY | O_CREAT | O_APPEND, 0600);
     if (new_log_fd < 0) {
         VLOG_WARN("failed to open %s for logging: %s",
                   new_log_file_name, ovs_strerror(errno));
diff --git a/utilities/ovs-lib.in b/utilities/ovs-lib.in
index 93085ca..3e6f340 100644
--- a/utilities/ovs-lib.in
+++ b/utilities/ovs-lib.in
@@ -150,13 +150,14 @@  version_geq() {
 
 install_dir () {
     DIR="$1"
+    INSTALL_MODE="${2:-755}"
     INSTALL_USER="root"
     INSTALL_GROUP="root"
     [ "$OVS_USER" != "" ] && INSTALL_USER="${OVS_USER%:*}"
     [ "${OVS_USER##*:}" != "" ] && INSTALL_GROUP="${OVS_USER##*:}"
 
     if test ! -d "$DIR"; then
-        install -d -m 755 -o "$INSTALL_USER" -g "$INSTALL_GROUP" "$DIR"
+        install -d -m "$INSTALL_MODE" -o "$INSTALL_USER" -g "$INSTALL_GROUP" "$DIR"
         restorecon "$DIR" >/dev/null 2>&1
     fi
 }
@@ -174,7 +175,7 @@  start_daemon () {
     cd "$DAEMON_CWD"
 
     # log file
-    install_dir "$logdir"
+    install_dir "$logdir" "700"
     set "$@" --log-file="$logdir/$daemon.log"
 
     # pidfile and monitoring
diff --git a/utilities/ovs-pki.in b/utilities/ovs-pki.in
index 7a992a5..2d4f370 100755
--- a/utilities/ovs-pki.in
+++ b/utilities/ovs-pki.in
@@ -201,7 +201,7 @@  esac
 
 logdir=$(dirname "$log")
 if test ! -d "$logdir"; then
-    mkdir -p -m755 "$logdir" 2>/dev/null || true
+    mkdir -p -m700 "$logdir" 2>/dev/null || true
     if test ! -d "$logdir"; then
         echo "$0: log directory $logdir does not exist and cannot be created" >&2
         exit 1