From d802d780321f47fb691626286d60f3e7a2f70057 Mon Sep 17 00:00:00 2001 From: Zhixiong Chi Date: Sun, 20 Aug 2017 10:51:48 +0800 Subject: rsyslog: CVE-2015-3243 rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.log We add "create 0600 root root" to the /etc/logrotate.d/syslog file, this will ensure the file is created with permissions when logrotate runs. It is also recommended that users manually set the permissions on existing or newly installed log files in order to prevent access by untrusted users. https://bugzilla.redhat.com/show_bug.cgi?id=1232826 CVE: CVE-2015-3243 Signed-off-by: Zhixiong Chi Signed-off-by: Martin Jansa --- meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate b/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate index 94ec517b21..7960815295 100644 --- a/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate +++ b/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog.logrotate @@ -23,6 +23,9 @@ /var/log/user.log /var/log/lpr.log /var/log/cron.log +{ + create 0600 root root +} /var/log/debug /var/log/messages { -- cgit 1.2.3-korg
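
Review bot: the added `{ create 0600 root root }` block after `/var/log/cron.log` ends the file list at that point, so the existing `{` block that follows `/var/log/messages` now applies only to `/var/log/debug` and `/var/log/messages`. The paths listed above the new block (`/var/log/user.log`, `/var/log/lpr.log`, `/var/log/cron.log` and any earlier ones in that list) are left with `create` as their only directive and no longer share whatever rotation settings the existing block carries, while `/var/log/debug` and `/var/log/messages` get no 0600 mode from this hunk. Suggest moving `create 0600 root root` inside the existing block so that one stanza still covers every listed file, or, if the split is intended, repeating the shared directives in the new block and adding the `create` line to the old one. The commit message already notes that `create` only takes effect when logrotate runs; a short comment in the file saying the same would help whoever maintains it later.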