Re: [arch-general] [arch-dev-public] [signoff] syslog-ng-3.0.1-1
Allan McRae wrote:
Gerardo Exequiel Pozzi wrote:
Pierre Schmitz wrote:
Does anybody know what this message in dmesg is about? Was syslog-ng compiled for i686?
warning: `syslog-ng' uses 32-bit capabilities (legacy support in use)
Very out-of-date libcap, not only syslog-ng, also proftpd, vsftpd, pulseaudio, ntpd, virtualbox, etc, etc...
http://www.archlinux.org/packages/extra/i686/libcap/ (for linux 2.4)
Need to have libcap2 package for kernel 2.6 in Arch Linux http://www.kernel.org/pub/linux/libs/security/linux-privs/
I was confused about this as libcap is in [extra] so how can it make problems with a package in [core]?
So going from this comment in the bug report about libcap (http://bugs.archlinux.org/task/11917#comment41046) I get...
readelf -s /usr/sbin/syslog-ng | grep cap
    33: 00000000     0 FUNC    GLOBAL DEFAULT  UND capset@GLIBC_2.1 (4)
   177: 00000000     0 FUNC    GLOBAL DEFAULT  UND capget@GLIBC_2.1 (4)
   473: 08228bd8     4 OBJECT  GLOBAL DEFAULT   26 OPENSSL_ia32cap_P
Looks like libcap is a soft dep there. How?
Then rebuild in clean chroot:
readelf -s syslog-ng | grep cap
   467: 08221b18     4 OBJECT  GLOBAL DEFAULT   26 OPENSSL_ia32cap_P
And then the dmesg warning goes away... So, the lesson to learn is to _always build in a clean chroot_!
Allan
Agree about clean chroot. But maybe this is a useful, and more secure, syslog-ng setup, because it drops some capabilities that it doesn't use ;)

You can see the syslog-ng process running without capabilities enabled (from /proc/PID/status):

CapPrm: fffffffffffffeff
CapEff: fffffffffffffeff
Capabilities for `27939': =ep cap_setpcap-ep ## getpcaps program from latest libcap

Shows that it has all capabilities; of course, I can't drop it.

But running the syslog-ng with capabilities enabled (accidentally enabled now), you can see many capabilities are dropped :)

CapPrm: 0000000000202c06
CapEff: 0000000000200002
Capabilities for `23652': = cap_dac_override,cap_sys_admin+ep cap_dac_read_search,cap_net_bind_service,cap_net_broadcast,cap_net_raw+p

More secure syslog-ng ;) OK, this isn't default behavior in Arch Linux, but...

--
Gerardo Exequiel Pozzi ( djgera )
http://www.djgera.com.ar
KeyID: 0x1B8C330D
Key fingerprint = 0CAA D5D4 CD85 4434 A219 76ED 39AB 221B 1B8C 330D
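Added example, not part of the thread: a decoder for the CapPrm/CapEff hex masks quoted in the last message, so the two syslog-ng processes can be compared without getpcaps. The bit-to-name table follows linux/capability.h; the function names and the two sample strings (copied from the message) are this example's own, and names above cap_mac_admin come from later kernels.

```python
import re

# Bit numbers follow linux/capability.h (bit 0 = cap_chown).
CAP_NAMES = (
    "chown dac_override dac_read_search fowner fsetid kill setgid setuid "
    "setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw "
    "ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct "
    "sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod "
    "lease audit_write audit_control setfcap mac_override mac_admin syslog "
    "wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore"
).split()

def decode_mask(hex_mask):
    """Return the capability names set in one hex mask from /proc/PID/status."""
    mask = int(hex_mask, 16)
    names = []
    for bit in range(mask.bit_length()):
        if mask >> bit & 1:
            # Bits beyond this table are reported by number, not silently dropped.
            names.append("cap_" + CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"bit_{bit}")
    return names

def missing_from(hex_mask):
    """Return the named capabilities that are NOT set in the mask."""
    mask = int(hex_mask, 16)
    return ["cap_" + name for bit, name in enumerate(CAP_NAMES) if not mask >> bit & 1]

def parse_status(text):
    """Map each Cap* field of a status dump to its decoded capability list."""
    pattern = r"^(Cap\w+):\s*([0-9a-fA-F]+)\s*$"
    return {m.group(1): decode_mask(m.group(2)) for m in re.finditer(pattern, text, re.M)}

# The two status excerpts quoted in the message above.
UNDROPPED = "CapPrm: fffffffffffffeff\nCapEff: fffffffffffffeff\n"
DROPPED = "CapPrm: 0000000000202c06\nCapEff: 0000000000200002\n"

if __name__ == "__main__":
    # Process that kept everything: list only what is absent from the mask.
    print("undropped, missing:", missing_from("fffffffffffffeff"))
    # Process that dropped capabilities: list what it still holds per field.
    for field, caps in parse_status(DROPPED).items():
        print("dropped,", field, "=", ",".join(caps))
```

On a live system, pass the contents of /proc/PID/status to parse_status(); a long-running root daemon whose CapEff decodes to nearly the full table has not dropped anything.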