Should syslog's openlog() be called before or after seteuid/setegid
Question
The code I have calls openlog() once, before altering the effective uid/gid of the program (a daemon). From a security standpoint, or a predictability standpoint, would calling openlog() after setting the effective uid/gid be better?
I'm guessing on most platforms openlog() will open a Unix Socket to syslogd? Are permissions on this likely too restrictive to allow the socket to be opened by system users.
1 answers
solution1
1 ACCPTED 2015-04-26 11:04:28
Perhaps someone has a specific case where openlog requires elevated privileges, but I found none (and have in mind lynx , which used to have this in its compiled-in default features - up til 2009 ). daemons (see this page) do not have to run as root, and often use the feature.
The book The Hacker's Handbook: The Strategy Behind Breaking into and Defending Networks cites openlog and its associated functions as a vulnerability,
which allow an attacker to inject "counterfeit" syslog messages into a log file
Given that, ensuring that there are no weaknesses in your application is doubly important (since there is always the possibility of becoming an agent of some other program's intrusion).
So the answer seems to be that no, there may be no need to do this, but dropping privileges early is always a good rule. If you find a specific case where you need the privileges, that is the point at which to reconsider their use.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.