Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 19 Oct 2012 20:08:07 +0400
From: Vasily Kulikov <segoon@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: klogd: EPERM

Hi,

It looks like unprivileged klogd doesn't work with OpenVZ's syslog
hardening patch.  Unprivileged daemon gets -EPERM on read() from
/proc/kmsg as it is handled as syslog(2, ...).  It still works with
upstream kernel as all syslog interfaces check permission on open()
only, not on read()/etc:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=002345925e6c45861f60db6f4fc6236713fd8847

I suppose we need this patch for Owl, both for current and stable.

Thanks,

-- 
Vasiliy

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ