
Re: logger should be mode 700/744



Bernd Eckenfels:
> since every user can recompile her own version of logger (and which will
> work) there is no win from disabling users to use the debian binary. I'm not
> aware of a reserved-port enhancement to syslog (well, it won't be a big
> deal).

syslogd listens on udp port 514, but that can be disabled.  I think the
real problem is the /dev/log unix domain socket, which is mode 0666 (so
any user can send log messages) on every unix system I've seen so far.

Would it be possible to make it mode 0660, owned by a group allowed to
use syslog()?  Then make programs which need to log anything (and don't
already run as root) setgid to that group.  The method recommended in
the man page (sucker rod) looks somewhat unprofessional to me ;-).

Marek

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
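An added example, not part of the original mail or of any syslog package: a C sketch of the check and the change proposed above, which classifies a log socket by who may write to it and then applies the 0660-plus-group restriction. The function names are hypothetical, the caller's own group stands in for the logging group, and a constructed scratch socket under /tmp stands in for /dev/log; it assumes Linux, where sending to a Unix domain socket requires write permission on the socket file.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

enum sock_access { ACCESS_ERR = -1, NOT_A_SOCKET, WORLD_WRITABLE, GROUP_ONLY, OWNER_ONLY };
/* Linux checks write permission on the socket inode before a send/connect. */
enum sock_access audit_log_socket(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0) return ACCESS_ERR;      /* follows symlinks */
    if (!S_ISSOCK(st.st_mode)) return NOT_A_SOCKET;
    if (st.st_mode & S_IWOTH) return WORLD_WRITABLE;  /* the 0666 case */
    if (st.st_mode & S_IWGRP) return GROUP_ONLY;      /* the proposed 0660 */
    return OWNER_ONLY;
}

/* The proposal: hand the socket to a logging group, drop access for others. */
int restrict_log_socket(const char *path, gid_t log_gid)
{
    return chown(path, (uid_t)-1, log_gid) != 0 ? -1 : chmod(path, 0660);
}

/* Constructed fixture: scratch socket with `mode`, optionally tightened. */
enum sock_access demo_audit(mode_t mode, int tighten)
{
    char dir[] = "/tmp/logsock.XXXXXX";
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    enum sock_access r = ACCESS_ERR;
    if (!mkdtemp(dir)) return r;
    snprintf(sa.sun_path, sizeof sa.sun_path, "%s/log", dir);
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd >= 0 && bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0 &&
        chmod(sa.sun_path, mode) == 0 &&
        (!tighten || restrict_log_socket(sa.sun_path, getgid()) == 0))
        r = audit_log_socket(sa.sun_path);
    if (fd >= 0) close(fd);
    unlink(sa.sun_path);
    rmdir(dir);
    return r;
}

int main(void)
{
    printf("/dev/log -> %d\n", audit_log_socket("/dev/log"));
}
```

After such a change, a program that is neither root nor in the logging group gets a permission error when its syslog() call tries to reach the socket, which is why the mail pairs the mode change with making logging programs setgid to that group.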