[ovs-dev,RFC,v2] make logs not readable by other

Message ID	7521438dc41b24f6234924c78f3ff6cd7e812357.1497882360.git.tredaelli@redhat.com
State	Accepted
Headers	show Return-Path: <ovs-dev-bounces@openvswitch.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 89B357700 From: Timothy Redaelli <tredaelli@redhat.com> To: dev@openvswitch.org Date: Mon, 19 Jun 2017 16:50:21 +0200 Message-Id: <7521438dc41b24f6234924c78f3ff6cd7e812357.1497882360.git.tredaelli@redhat.com> Subject: [ovs-dev] [RFC PATCH v2] make logs not readable by other Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org

Message ID

7521438dc41b24f6234924c78f3ff6cd7e812357.1497882360.git.tredaelli@redhat.com

State

Accepted

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 89B357700
From: Timothy Redaelli <tredaelli@redhat.com>
To: dev@openvswitch.org
Date: Mon, 19 Jun 2017 16:50:21 +0200
Message-Id: <7521438dc41b24f6234924c78f3ff6cd7e812357.1497882360.git.tredaelli@redhat.com>
Subject: [ovs-dev] [RFC PATCH v2] make logs not readable by other
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org

Commit Message

Timothy Redaelli June 19, 2017, 2:50 p.m. UTC

The Open vSwitch log directory and files are currently set world readable.

However, since only Open vSwitch users and processes need to access this
directory and these files there is no need to allow the world to access them,
since it can result in the exposure of sensitive information.

Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
---

Changes since v1:
 * Change spec file for commit 2f4f43bfddfd ("rhel: fix the fedora spec").
 * Make logs group- as well as owner-readable.

Please deprecate "[RFC] make logs readable only by owner" since subject has
changed

 lib/vlog.c                      | 2 +-
 rhel/openvswitch-fedora.spec.in | 2 +-
 utilities/ovs-lib.in            | 5 +++--
 utilities/ovs-pki.in            | 2 +-
 4 files changed, 6 insertions(+), 5 deletions(-)

Comments

Ben Pfaff July 10, 2017, 6:27 p.m. UTC | #1

On Mon, Jun 19, 2017 at 04:50:21PM +0200, Timothy Redaelli wrote:
> The Open vSwitch log directory and files are currently set world readable.
> 
> However, since only Open vSwitch users and processes need to access this
> directory and these files there is no need to allow the world to access them,
> since it can result in the exposure of sensitive information.
> 
> Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
> ---
> 
> Changes since v1:
>  * Change spec file for commit 2f4f43bfddfd ("rhel: fix the fedora spec").
>  * Make logs group- as well as owner-readable.
> 
> Please deprecate "[RFC] make logs readable only by owner" since subject has
> changed

I applied this to master.  Thanks!

diff --git a/lib/vlog.c b/lib/vlog.c
index 333337b10..2a60ca34a 100644
--- a/lib/vlog.c
+++ b/lib/vlog.c
@@ -360,7 +360,7 @@  vlog_set_log_file(const char *file_name)
     new_log_file_name = (file_name
                          ? xstrdup(file_name)
                          : xasprintf("%s/%s.log", ovs_logdir(), program_name));
-    new_log_fd = open(new_log_file_name, O_WRONLY | O_CREAT | O_APPEND, 0666);
+    new_log_fd = open(new_log_file_name, O_WRONLY | O_CREAT | O_APPEND, 0660);
     if (new_log_fd < 0) {
         VLOG_WARN("failed to open %s for logging: %s",
                   new_log_file_name, ovs_strerror(errno));
diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/openvswitch-fedora.spec.in
index f822ad3ca..3a045d304 100644
--- a/rhel/openvswitch-fedora.spec.in
+++ b/rhel/openvswitch-fedora.spec.in
@@ -231,7 +231,7 @@  rm -rf $RPM_BUILD_ROOT
 make install DESTDIR=$RPM_BUILD_ROOT
 
 install -d -m 0755 $RPM_BUILD_ROOT%{_rundir}/openvswitch
-install -d -m 0755 $RPM_BUILD_ROOT%{_localstatedir}/log/openvswitch
+install -d -m 0750 $RPM_BUILD_ROOT%{_localstatedir}/log/openvswitch
 install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch
 
 install -p -D -m 0644 \
diff --git a/utilities/ovs-lib.in b/utilities/ovs-lib.in
index 93085ca58..8665698bb 100644
--- a/utilities/ovs-lib.in
+++ b/utilities/ovs-lib.in
@@ -150,13 +150,14 @@  version_geq() {
 
 install_dir () {
     DIR="$1"
+    INSTALL_MODE="${2:-755}"
     INSTALL_USER="root"
     INSTALL_GROUP="root"
     [ "$OVS_USER" != "" ] && INSTALL_USER="${OVS_USER%:*}"
     [ "${OVS_USER##*:}" != "" ] && INSTALL_GROUP="${OVS_USER##*:}"
 
     if test ! -d "$DIR"; then
-        install -d -m 755 -o "$INSTALL_USER" -g "$INSTALL_GROUP" "$DIR"
+        install -d -m "$INSTALL_MODE" -o "$INSTALL_USER" -g "$INSTALL_GROUP" "$DIR"
         restorecon "$DIR" >/dev/null 2>&1
     fi
 }
@@ -174,7 +175,7 @@  start_daemon () {
     cd "$DAEMON_CWD"
 
     # log file
-    install_dir "$logdir"
+    install_dir "$logdir" "750"
     set "$@" --log-file="$logdir/$daemon.log"
 
     # pidfile and monitoring
diff --git a/utilities/ovs-pki.in b/utilities/ovs-pki.in
index d5ce1dccf..4f6941865 100755
--- a/utilities/ovs-pki.in
+++ b/utilities/ovs-pki.in
@@ -206,7 +206,7 @@  esac
 
 logdir=$(dirname "$log")
 if test ! -d "$logdir"; then
-    mkdir -p -m755 "$logdir" 2>/dev/null || true
+    mkdir -p -m750 "$logdir" 2>/dev/null || true
     if test ! -d "$logdir"; then
         echo "$0: log directory $logdir does not exist and cannot be created" >&2
         exit 1

[ovs-dev,RFC,v2] make logs not readable by other

Commit Message

Comments

Patch