[Bug 272552] Fix /var/log/messages and /var/run/dmesg.boot permissions when disabling read_msgbuf in the installer's hardening menu

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 272552] Fix /var/log/messages and /var/run/dmesg.boot permissions"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 20 Oct 2025 16:11:21 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272552

--- Comment #10 from commit-hook@FreeBSD.org ---
A commit in branch stable/13 references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=549cba3c9d1e14fffa9a99ed7b6ee51eb6d20e51

commit 549cba3c9d1e14fffa9a99ed7b6ee51eb6d20e51
Author:     Jose Luis Duran <jlduran@FreeBSD.org>
AuthorDate: 2025-10-17 14:34:55 +0000
Commit:     Jose Luis Duran <jlduran@FreeBSD.org>
CommitDate: 2025-10-20 16:05:40 +0000

    rc: dmesg: Allow umask to be configurable

    Allow umask to be configurable.

    Being able to set the umask via an rc variable is useful when setting:

        security.bsd.unprivileged_read_msgbuf=0

    As it allows a user to configure:

        dmesg_umask="066"

    Without modifying the rc script, and preventing the contents of the
    $dmesg_file (/var/run/dmesg.boot) from being publicly readable.

    PR:             272552
    Reviewed by:    netchild
    MFC after:      2 days
    Differential Revision:  https://reviews.freebsd.org/D53169

    (cherry picked from commit edadbc6ee95570627679f3bc14a1d5476d0ce339)

 libexec/rc/rc.conf    | 1 +
 libexec/rc/rc.d/dmesg | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

-- 
You are receiving this mail because:
You are the assignee for the bug.