From a84cefbe3f0129d461e43db3f7a3008a9066cae7 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Thu, 21 Apr 2016 15:24:36 -0700 Subject: [PATCH 1/2] Allow group and others to read from the log pipe. ASCII_PIPE logs are created with 0600 privileges. The owner of this pipe is `nobody` and the group is `nogroup`. This is very limiting and it makes impossible to use the pipe to read logs. Signed-off-by: David Calavera --- proxy/logging/LogFile.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxy/logging/LogFile.cc b/proxy/logging/LogFile.cc index e700d2129e1..d65acf64a40 100644 --- a/proxy/logging/LogFile.cc +++ b/proxy/logging/LogFile.cc @@ -159,7 +159,7 @@ LogFile::open_file() if (m_file_format == LOG_FILE_PIPE) { // setup pipe - if (mkfifo(m_name, S_IRUSR | S_IWUSR) < 0) { + if (mkfifo(m_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) < 0) { if (errno != EEXIST) { Error("Could not create named pipe %s for logging: %s", m_name, strerror(errno)); return LOG_FILE_COULD_NOT_CREATE_PIPE; From c88e76c118e8ee439ffedaea90dbbdcd60684e78 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Wed, 27 Apr 2016 12:41:31 -0700 Subject: [PATCH 2/2] Remove read access to the log pipe to everyone else but owner and group. Signed-off-by: David Calavera --- proxy/logging/LogFile.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxy/logging/LogFile.cc b/proxy/logging/LogFile.cc index d65acf64a40..2fcdfe15c51 100644 --- a/proxy/logging/LogFile.cc +++ b/proxy/logging/LogFile.cc @@ -159,7 +159,7 @@ LogFile::open_file() if (m_file_format == LOG_FILE_PIPE) { // setup pipe - if (mkfifo(m_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) < 0) { + if (mkfifo(m_name, S_IRUSR | S_IWUSR | S_IRGRP) < 0) { if (errno != EEXIST) { Error("Could not create named pipe %s for logging: %s", m_name, strerror(errno)); return LOG_FILE_COULD_NOT_CREATE_PIPE;