From 3cb5210cdac46fb8805d4028df16f5889f393a09 Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Wed, 8 Jul 2015 09:20:58 +0000 Subject: main/rsyslog: fix default permissions (CVE-2015-3243) ref #4406 --- main/rsyslog/APKBUILD | 8 ++++---- main/rsyslog/rsyslog.conf | 7 +++++++ 2 files changed, 11 insertions(+), 4 deletions(-) (limited to 'main/rsyslog') diff --git a/main/rsyslog/APKBUILD b/main/rsyslog/APKBUILD index d336a6864d..e934e30cd2 100644 --- a/main/rsyslog/APKBUILD +++ b/main/rsyslog/APKBUILD @@ -3,7 +3,7 @@ # Contributor: cbanta@gmail.com pkgname=rsyslog pkgver=8.9.0 -pkgrel=1 +pkgrel=2 pkgdesc="Enhanced multi-threaded syslogd with database support and more." url="http://www.rsyslog.com/" arch="all" @@ -100,20 +100,20 @@ md5sums="b9e10a3ea9d52b4fa9bbbf540d313970 rsyslog-8.9.0.tar.gz 67b8afd572b4103b39b54a729b880b53 rsyslog.initd 0a0aef98f677364e6178c34274df7723 rsyslog.confd bc43debc9ffdf66bc1409025fd3d1176 rsyslog.logrotate -65fbf5a7a81a53a70974e3085e96cb41 rsyslog.conf +ea6f8af41d13c4278bb7788e715f2372 rsyslog.conf 05a0995f5cbe241720aaf6b149860286 musl-fix.patch aafafdf4502f5e4de5fcfebd21499700 gnutls-3.4.0.patch" sha256sums="eab00e8e758cd9dd33b3e2cf6af80297d1951dc7db37bd723a6488a35d577adc rsyslog-8.9.0.tar.gz 223d4bdb69760ef5a9a044d68434c805cd15e31fa190a86f5f283912d0baf6d6 rsyslog.initd c476c2180fcceaf581d26d2da6201fbe7a2b9fc89c58456fdb3bdaf18a4cbb56 rsyslog.confd f0effc19bd1f1bfa367d65d6516c73509cb34545157b9e91cf6e437685dd3fe5 rsyslog.logrotate -559a8221d2ef9376a77e08de05206f3d2214a81fa88649f5bca2a1207f8918c5 rsyslog.conf +05bc12785e418db424d6b29133a2e44c3422953a5bc5850e4881baa5726fdbce rsyslog.conf feda2d9ca6c788e375116b6c43b6c4ac5debe83dab0efcfc9a47216c9af36599 musl-fix.patch 540530796fd535889ef1a1741ad06e3a0ab4441247396f89ebb06010ce9c102e gnutls-3.4.0.patch" sha512sums="942cccc2cbe147572cc2d346ac330d80c86915757b2b7a380829f0b40294d7e4afd4887d5066821af1e059cd78cdb38520fc9d28b55daa7afcd0e5b2e6bd9a5d rsyslog-8.9.0.tar.gz 9a4b184076a82e0899da79ab3749e1c67eac03f36c4460d34ed0385f4a3ffad53681a1cc25dd514e835c9399a9abd01c235743535ad549d5be7f66d9e127b9dc rsyslog.initd c216674e6867d655c2c09b6205071591ae2b1611ad5dd0346e682733abafa8a1be261fdd9bb985bb5d05d5bfa708a68262b1a94e654a2c18d352fd02d6f950a3 rsyslog.confd d54377ddf39197656811a84272568ea761f984e19dd04fc54f372dd04a9244e66d02b26ab33073d0344d054f031660ec611f3c7a18c266e7b68cef5e2c47f06f rsyslog.logrotate -032ccce1850bc89fb37b4b23f1607ce73086ff2b057838a1b83e36751ee0412c537fc0c9cbc2c6e8098311e6a04569c7fc7f7dea80111e8c8623b3b0cc3cccd1 rsyslog.conf +5163bdd7612c3c407a7d42106ef52ff64f2051afb683d6d7fda26a22591c8cc2e787c1d7baebd563fc48a7ff1fe5b6046952c1d32c28949059ded04b4ecd0bbb rsyslog.conf d5f16d624b40fcd68f689bb65cfad8f537b35f3d7f9c4453c472b21437964442baf0846b3658a6cdd2e0d44b60085140deffc68cf9e3c460bcc5db40cf142ee1 musl-fix.patch b0e2fc464c840211acef0da481fed5eb594d5bee62672fbccf379efcf3f88c3acee5efd8c51671508feaf2edacd05426766577c94e733479a90a58f68f4fc8a4 gnutls-3.4.0.patch" diff --git a/main/rsyslog/rsyslog.conf b/main/rsyslog/rsyslog.conf index 19187467b3..38d0e4b73a 100644 --- a/main/rsyslog/rsyslog.conf +++ b/main/rsyslog/rsyslog.conf @@ -6,6 +6,13 @@ $ModLoad immark.so # provides --MARK-- message capability $ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) $ModLoad imklog.so # kernel logging (formerly provided by rklogd) +# default permissions for all log files. +$FileOwner root +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 + # Include configuration files from directory $IncludeConfig /etc/rsyslog.d/* -- cgit v1.2.3