This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: [PATCH] Don't set sticky bit on /var/log
- From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
- To: cygwin-apps at cygwin dot com
- Date: Fri, 27 Aug 2010 20:35:04 +0200
- Subject: Re: [PATCH] Don't set sticky bit on /var/log
- References: <4C77FFCE.2050902@dronecode.org.uk>
- Reply-to: cygwin-apps at cygwin dot com
On Aug 27 19:11, Jon TURNEY wrote:
>
> For the purposes of discussion, attached is a patch which changes
> the mode which setup gives /var/log from 1777 to 0777.
>
> See this thread [1] for why I think I want to do this.
>
> I haven't thought at all about the security implications of this change at all.
>
> I have observed that /var/log has mode 0755 on a couple of linux
> systems I've looked at.
>
> It looks like the setting of mode 1777 was added by Corrina on
s/rrin/rinn/
> 2008-08-20, I'm guessing as part of the Cygwin 1.7 changes.
>
> [1] http://cygwin.com/ml/cygwin-xfree/2010-08/msg00090.html
The problem is in fact one of security. If the directory has 0777
permissions, everyone can remove log files from everyone else. That's
hardly feasible, especially given service logs and stuff.
May I suggest to follow the basic route you outlined in the
aforementioned mail? Create a subdir /var/log/XWin with 0777
permissions and use that to create the XWin logs. is there some way to
set this as global setting right from the package installation?
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat