This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: [PATCH] Don't set sticky bit on /var/log
On Aug 27 20:35, Corinna Vinschen wrote:
> On Aug 27 19:11, Jon TURNEY wrote:
> >
> > For the purposes of discussion, attached is a patch which changes
> > the mode which setup gives /var/log from 1777 to 0777.
> >
> > See this thread [1] for why I think I want to do this.
> >
> > I haven't thought at all about the security implications of this change at all.
> >
> > I have observed that /var/log has mode 0755 on a couple of linux
> > systems I've looked at.
> >
> > It looks like the setting of mode 1777 was added by Corrina on
>
> s/rrin/rinn/
>
> > 2008-08-20, I'm guessing as part of the Cygwin 1.7 changes.
> >
> > [1] http://cygwin.com/ml/cygwin-xfree/2010-08/msg00090.html
>
> The problem is in fact one of security. If the directory has 0777
> permissions, everyone can remove log files from everyone else. That's
> hardly feasible, especially given service logs and stuff.
>
> May I suggest to follow the basic route you outlined in the
> aforementioned mail? Create a subdir /var/log/XWin with 0777
> permissions and use that to create the XWin logs. is there some way to
> set this as global setting right from the package installation?
Here's another idea. What about making the default logfile name
user-specific, as in
/var/log/XWin.$USER.$DISPLAY.log
?
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat