This bug was fixed in the package rsyslog - 8.2010.0-1ubuntu2
---
rsyslog (8.2010.0-1ubuntu2) hirsute; urgency=medium
* debian/dmesg.service: Change /var/log/dmesg from 0644 to 0640
to adhere to new DMESG_RESTRICT restrictions. (LP: #1912122)
-- Matthew Ruffell Mon, 18 Jan
Hi Robie, I agree this probably isn't worth a SRU to Groovy, I just made
the packages available in the odd chance that they might be considered.
I will mark Groovy as won't fix.
Hirsute is what really matters in the end.
** Changed in: rsyslog (Ubuntu Groovy)
Status: In Progress => Won't
Is this really worth an SRU to Groovy? One could consider the change to
be fully implemented since Hirsute only, and Groovy will EOL before long
anyway. Otherwise there's a risk that we'll break users' existing
automation that is already live against Groovy.
--
You received this bug notification
Thanks @mruffell!
uploaded to g/h, with trivial modification of changing the g version
bump; for stable releases, ubuntuN should change to ubuntuN.1 instead of
ubuntuN+1.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Attached is a patch which changes /var/log/dmesg to 0640 on groovy. It
also contains Steve's recommendation to set the logrotate files to 0640.
** Patch added: "Debdiff for syslog on groovy"
Attached is a patch which changes /var/log/dmesg to 0640 on hirsute. It
also contains Steve's recommendation to set the logrotate files to 0640.
** Patch removed: "Debdiff for rsyslog on hirsute"
Oh, I was expecting that it would also be desirable to SRU this back to
focal, as I expected CONFIG_SECURITY_DMESG_RESTRICT to come back with
the HWE kernels, but looking at the config for linux-hwe-5.8, it appears
that the old behavior was kept.
--
You received this bug notification because you
The Ubuntu Security team would like to see this fixed, though it
probably would be worth adding the following change to the service file
so that on log rotation the permissions are corrected as well:
-ExecStartPre=-/usr/bin/savelog -q -p -n -c 5 /var/log/dmesg
+ExecStartPre=-/usr/bin/savelog
The attachment "Debdiff for rsyslog on hirsute" seems to be a debdiff.
The ubuntu-sponsors team has been subscribed to the bug report so that
they can review and hopefully sponsor the debdiff. If the attachment
isn't a patch, please remove the "patch" flag from the attachment,
remove the "patch"
** Tags added: sts-sponsor
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1912122
Title:
/var/log/dmesg is 0644, should be 0640 to match new DMESG_RESTRICT
restrictions
To manage notifications
Attached is a debdiff for Groovy to change /var/log/dmesg to 0640.
** Patch added: "Debdiff for syslog on groovy"
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1912122/+attachment/5454005/+files/lp1912122_groovy.debdiff
--
You received this bug notification because you are a member
Attached is a debdiff for hirsute to set /var/log/dmesg to 0640.
** Patch added: "Debdiff for rsyslog on hirsute"
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1912122/+attachment/5454004/+files/lp1912122_hirsute.debdiff
--
You received this bug notification because you are a
** Tags added: sts
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1912122
Title:
/var/log/dmesg is 0644, should be 0640 to match new DMESG_RESTRICT
restrictions
To manage notifications about this
** Changed in: rsyslog (Ubuntu Hirsute)
Status: New => In Progress
** Changed in: rsyslog (Ubuntu Hirsute)
Importance: Undecided => Medium
** Changed in: rsyslog (Ubuntu Hirsute)
Assignee: (unassigned) => Matthew Ruffell (mruffell)
** Description changed:
[Impact]
In bug
14 matches
Mail list logo