aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorZhixiong Chi <zhixiong.chi@windriver.com>2017-08-20 10:51:48 +0800
committerMartin Jansa <Martin.Jansa@gmail.com>2017-08-31 15:22:57 +0200
commitd802d780321f47fb691626286d60f3e7a2f70057 (patch)
tree8faae8d29f3d142e71a96a106e873bb3cd1c169b
parent24230a7fe13ac91531361b829df0524d6d9cbadc (diff)
downloadmeta-openembedded-contrib-d802d780321f47fb691626286d60f3e7a2f70057.tar.gz
meta-openembedded-contrib-d802d780321f47fb691626286d60f3e7a2f70057.tar.bz2
meta-openembedded-contrib-d802d780321f47fb691626286d60f3e7a2f70057.zip
rsyslog: CVE-2015-3243
rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.log We add "create 0600 root root" to the /etc/logrotate.d/syslog file, this will ensure the file is created with permissions when logrotate runs. It is also recommended that users manually set the permissions on existing or newly installed log files in order to prevent access by untrusted users. https://bugzilla.redhat.com/show_bug.cgi?id=1232826 CVE: CVE-2015-3243 Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
-rw-r--r--meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate3
1 files changed, 3 insertions, 0 deletions
diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate b/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate
index 94ec517b21..7960815295 100644
--- a/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate
+++ b/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate
@@ -23,6 +23,9 @@
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
+{
+ create 0600 root root
+}
/var/log/debug
/var/log/messages
{