lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20110131201415.GB30479@marc.osknowledge.org>
Date:	Mon, 31 Jan 2011 21:14:15 +0100
From:	Marc Koschewski <marc@...nowledge.org>
To:	Gergely Nagy <algernon@...abit.hu>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: Syslog-NG Fails as of Kernel 2.6.38-rc1

* Gergely Nagy <algernon@...abit.hu> [2011-01-28 11:21:36 +0100]:

I wonder why Linus himself didn't come up on this. I remember him saying that
breaking userspace is crap a thousand times. And this thing here bugs me a lot!

As far as I remember the kmsg rights-thing was only for some just-in-case attack
scenario - what's absolutely _no_ reason to break userspace _now_.

Regards,
	Marc

> > > The following appears in dmesg from kernels 2.6.38-rc1 to
> > > 2.6.38-rc2-git5 (Not an issue in 2.6.37 stable):
> 
> [...]
> 
> > > ----------
> > > ::Starting Syslg-NG            [BUSY] Error opening file for reading:
> > > filename '/proc/kmsg', error='Operation not permitted (1)'
> > > Error initializing source driver: source='src', id='src#2' Error
> > > initializing message pipline;
> > >                     [FAIL]
> 
> The problem is, that syslog-ng doesn't have the CAP_SYSLOG capability,
> only CAP_SYS_ADMIN, which was enough pre-2.6.38. In 2.6.38+ however, one
> needs CAP_SYSLOG (it was split out from CAP_SYS_ADMIN).
> 
> Which pretty much means that any userspace code that was using
> CAP_SYS_ADMIN to access /proc/kmsg will have to be updated to use
> CAP_SYSLOG (either instead, or in addition to CAP_SYS_ADMIN) in order to
> work on new kernels.
> 
> I find that quite unfortunate, to be honest, as older applications that
> aren't upgraded along with the kernel will simply break.
> 
> -- 
> |8]
> 
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
> 
> 

-- 
Marc Koschewski
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ