Opened 6 months ago

Closed 6 months ago

#21729 closed enhancement (implemented)

make dedicated log file perms less verbose

Reported by: toralf
Owned by:
Priority: Medium
Milestone: Tor: 0.3.1.x-final
Component: Core Tor/Tor
Version: Tor: 0.3.0.4-rc
Severity: Minor
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

I think that the log file permissions are too weak at the moment; this helps:

tfoerste@t44 ~/devel/tor $ cat /tmp/log640.patch
diff --git a/src/common/log.c b/src/common/log.c
index 5f7151b..f679336 100644
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -1086,7 +1086,7 @@ add_file_log(const log_severity_list_t *severity, const char *filename,
   int open_flags = O_WRONLY|O_CREAT;
   open_flags |= truncate_log ? O_TRUNC : O_APPEND;
 
-  fd = tor_open_cloexec(filename, open_flags, 0644);
+  fd = tor_open_cloexec(filename, open_flags, 0640);
   if (fd<0)
     return -1;
   if (tor_fd_seekend(fd)<0) {
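
Review bot: The 0640 mode on the changed tor_open_cloexec() line is only applied when O_CREAT actually creates the file, so a log file that already exists with 0644 stays world-readable after this change. If existing logs should be tightened too, consider an fchmod(fd, 0640) after the fd<0 check, or state in the changes file that only newly created log files are affected. The resulting mode is also still filtered by the process umask, and group read access depends on which group owns the file, so both are worth a short comment next to the call.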

Child Tickets

Change History (3)

comment:1 Changed 6 months ago by nickm

Milestone: Tor: 0.3.1.x-final
Status: new → needs_review

Sure, may as well tighten this up. Got time to write a changes file?

comment:2 Changed 6 months ago by toralf

The content might be something like:

Log files should be written only by the owner, be read-only for the group and forbidden to read for all others.

comment:3 Changed 6 months ago by nickm

Resolution: implemented
Status: needs_review → closed

Applied as c000c7d118728a. Thanks!
