This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] Don't set sticky bit on /var/log


On Aug 27 20:35, Corinna Vinschen wrote:
> On Aug 27 19:11, Jon TURNEY wrote:
> > 
> > For the purposes of discussion, attached is a patch which changes
> > the mode which setup gives /var/log from 1777 to 0777.
> > 
> > See this thread [1] for why I think I want to do this.
> > 
> > I haven't thought at all about the security implications of this change at all.
> > 
> > I have observed that /var/log has mode 0755 on a couple of linux
> > systems I've looked at.
> > 
> > It looks like the setting of mode 1777 was added by Corrina on
> 
> s/rrin/rinn/
> 
> > 2008-08-20, I'm guessing as part of the Cygwin 1.7 changes.
> > 
> > [1] http://cygwin.com/ml/cygwin-xfree/2010-08/msg00090.html
> 
> The problem is in fact one of security.  If the directory has 0777
> permissions, everyone can remove log files from everyone else.  That's
> hardly feasible, especially given service logs and stuff.
> 
> May I suggest to follow the basic route you outlined in the
> aforementioned mail?  Create a subdir /var/log/XWin with 0777
> permissions and use that to create the XWin logs.  is there some way to
> set this as global setting right from the package installation?

Here's another idea.  What about making the default logfile name
user-specific, as in

  /var/log/XWin.$USER.$DISPLAY.log

?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]