globaleaks / globaleaks-whistleblowing-software

GlobaLeaks is a free and open-source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform.
https://www.globaleaks.org

Restrict user permission on file logs #267

Open fpietrosanti opened 11 years ago

fpietrosanti commented 11 years ago

Log files are owned by globaleaks user. (To be checked)

This ticket is about enforcing log file permissions by opening them as the root user and then dropping privileges to the globaleaks user.

evilaliv3 commented 11 years ago

currently this would probably involve a hackish solution.

also if current daemon is not based on a simple twistd, actual daemonizing solution relies on a lot of twistd code.

we need to investigate for a clean solution based on twistd monkey patching and perhaps on the writing of a strong custom daemon.

with this i'm also referring to the issue of knowing that globaleaks is completely started correctly, information that is now actually lacking and limits init.d script functionality.

evilaliv3 commented 11 years ago

the most interesting solution actually is to patch some classes of this file: http://twistedmatrix.com/trac/browser/tags/releases/twisted-13.0.0/twisted/application/app.py in particular classes AppLogger, ApplicationRunner

this could be done simply by adding some little fixes on GLBaseRunner (https://github.com/globaleaks/GLBackend/blob/master/globaleaks/runner.py)

if it's ok i can proceed

fpietrosanti commented 11 years ago

mmmm, that may involve problems regarding the log rotate? As it would need to be able to rename log files and even delete them.

This would mean making a logrotation profile for the debian and ubuntu logrotation profile, because our own logrotate should be then disabled.

mmmm, i'm not very convinced, maybe there's some other issue?

evilaliv3 commented 11 years ago

yes this could be a problem.

on a typical daemon log rotation is done from an external daemon or crontab job (for example by logrotate one).

i don't see any solution for this, the only one i see is to have a custom daemon like the one i did on janus.

on janus the daemon is composed by:

by using a similar approach we could continue to have a self contained application.

what do you think?

fpietrosanti commented 11 years ago

This would require some major work and some other analysis, being a low impact stuff.

Moved outside Beta milestone
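
The pattern proposed in the opening comment, together with the rotation concern raised later in the thread, as an added Python example that is not GlobaLeaks or Twisted code: the log is opened with mode 0600 before privileges are dropped, and a forked child then reports whether it can still write through the inherited descriptor and whether it can reopen the path. The function names are hypothetical, the `nobody` account stands in for the globaleaks user, and a temporary 0700 directory stands in for the real log directory.

```python
import os
import pwd
import sys
import tempfile

def open_log_as_root(path):
    """Open or create the log append-only with mode 0600, refusing symlinks."""
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    os.fchmod(fd, 0o600)  # enforce the mode even if the file already existed
    return fd

def drop_privileges(username):
    """Permanently switch to `username`: supplementary groups first, uid last."""
    pw = pwd.getpwnam(username)
    os.setgroups([])
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)
    try:
        os.setuid(0)  # must fail, otherwise the drop is reversible
    except PermissionError:
        return
    raise RuntimeError("still able to regain root")

def inherited_fd_after_drop(fd, path, username="nobody"):
    """Forked child drops privileges; returns (can_write_fd, can_reopen_path)."""
    pid = os.fork()
    if pid == 0:
        status = 0
        try:
            drop_privileges(username)
            os.write(fd, b"written after privilege drop\n")
            status |= 1  # the descriptor opened as root is still usable
            os.close(os.open(path, os.O_WRONLY))
            status |= 2  # reopening by path succeeded: permissions too loose
        except Exception:
            pass
        finally:
            os._exit(status)
    _, wait_status = os.waitpid(pid, 0)
    code = os.WEXITSTATUS(wait_status)
    return bool(code & 1), bool(code & 2)

if __name__ == "__main__":
    logdir = tempfile.mkdtemp()  # constructed stand-in log directory, mode 0700
    path = os.path.join(logdir, "globaleaks.log")
    fd = open_log_as_root(path)
    if os.geteuid() != 0:
        sys.exit("run as root to exercise the privilege drop")
    print(inherited_fd_after_drop(fd, path))
```

Run as root, the child keeps appending through the descriptor but can no longer open, rename or delete the file by path, which is why in-process rotation stops working once the log is root-owned and an external rotator is needed.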