main/rsyslog: fix default permissions (CVE-2015-3243)

ref #4406
author: Natanael Copa <ncopa@alpinelinux.org> 2015-07-08 09:20:58 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2015-07-08 09:21:49 +0000
commit: 3cb5210cdac46fb8805d4028df16f5889f393a09 (patch)
tree: c3801ac6f16d49f6cbe45436fbc81701b17ecc32 /main/rsyslog/rsyslog.conf
parent: 2e69cac04a8d64d5065c248eb6fd078000434e17 (diff)
download: aports-3cb5210cdac46fb8805d4028df16f5889f393a09.tar.bz2
aports-3cb5210cdac46fb8805d4028df16f5889f393a09.tar.xz
1 files changed, 7 insertions, 0 deletions
diff --git a/main/rsyslog/rsyslog.conf b/main/rsyslog/rsyslog.conf
index 19187467b3..38d0e4b73a 100644
--- a/main/rsyslog/rsyslog.conf
+++ b/main/rsyslog/rsyslog.conf
@@ -6,6 +6,13 @@ $ModLoad immark.so # provides --MARK-- message capability
 $ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
 $ModLoad imklog.so # kernel logging (formerly provided by rklogd)
 
+# default permissions for all log files.
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
 # Include configuration files from directory
 $IncludeConfig /etc/rsyslog.d/*
author	Natanael Copa <ncopa@alpinelinux.org>	2015-07-08 09:20:58 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2015-07-08 09:21:49 +0000
commit	3cb5210cdac46fb8805d4028df16f5889f393a09 (patch)
tree	c3801ac6f16d49f6cbe45436fbc81701b17ecc32 /main/rsyslog/rsyslog.conf
parent	2e69cac04a8d64d5065c248eb6fd078000434e17 (diff)
download	aports-3cb5210cdac46fb8805d4028df16f5889f393a09.tar.bz2 aports-3cb5210cdac46fb8805d4028df16f5889f393a09.tar.xz