r1118 - in trunk/BOOK: . chapter01 chapter04 chapter06 chapter07
robert at linuxfromscratch.org
robert at linuxfromscratch.org
Fri May 25 02:24:29 MDT 2007
Author: robert
Date: 2007-05-25 02:24:29 -0600 (Fri, 25 May 2007)
New Revision: 1118
Modified:
trunk/BOOK/chapter01/changelog.xml
trunk/BOOK/chapter04/patches.xml
trunk/BOOK/chapter06/sysklogd.xml
trunk/BOOK/chapter07/bootscripts.xml
trunk/BOOK/general.ent
trunk/BOOK/packages.ent
trunk/BOOK/patches.ent
Log:
Bumped to lfs-bootscripts-3.2.2. Finally added privilege separation for Sysklogd.
Modified: trunk/BOOK/chapter01/changelog.xml
===================================================================
--- trunk/BOOK/chapter01/changelog.xml 2007-05-23 11:29:45 UTC (rev 1117)
+++ trunk/BOOK/chapter01/changelog.xml 2007-05-25 08:24:29 UTC (rev 1118)
@@ -49,6 +49,17 @@
-->
<listitem>
+ <para>May 25th, 2007</para>
+ <itemizedlist>
+ <listitem>
+ <para>[robert]: Bumped to lfs-bootscripts-3.2.2. Added privilege
+ separation patch for Sysklogd and lfs-bootscripts. News users,
+ groups, and chroot directories to match.</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
<para>May 23th, 2007</para>
<itemizedlist>
<listitem>
Modified: trunk/BOOK/chapter04/patches.xml
===================================================================
--- trunk/BOOK/chapter04/patches.xml 2007-05-23 11:29:45 UTC (rev 1117)
+++ trunk/BOOK/chapter04/patches.xml 2007-05-25 08:24:29 UTC (rev 1118)
@@ -267,6 +267,15 @@
</varlistentry>
<varlistentry>
+ <term>LFS Boot Scripts Sysklogd Privilege Separation Patch - <token>&lfs-bootscripts_sysklogd_piv_sep-patch-size;</token>:</term>
+ <listitem>
+ <para>Download: <ulink url="&patches-root;&lfs-bootscripts_sysklogd_piv_sep-patch;"/></para>
+ <para>MD5 sum: <literal>&lfs-bootscripts_sysklogd_piv_sep-patch-md5;</literal></para>
+ </listitem>
+ </varlistentry>
+
+
+ <varlistentry>
<term>Mktemp Tempfile Patch - <token>&mktemp-add_tempfile-patch-size;</token>:</term>
<listitem>
<para>Download: <ulink url="&patches-root;&mktemp-add_tempfile-patch;"/></para>
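Review bot: The new entity names spell the suffix `piv_sep` (`&lfs-bootscripts_sysklogd_piv_sep-patch;` and its `-md5` and `-size` companions), while the Sysklogd entities added by the same commit use `priv_sep`. The same spelling recurs in the chapter07/bootscripts.xml hunk and in the patches.ent definitions, where it is also part of the patch file name. If the file on the patches server really is named `…-sysklogd_piv_sep-1.patch`, the entity value has to stay as it is, but the entity names could still be `lfs-bootscripts_sysklogd_priv_sep-patch*` so that one search finds both patches. The two blank lines added after this entry's `</varlistentry>` also differ from the single blank line the second hunk adds.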
@@ -340,14 +349,22 @@
</varlistentry>
<varlistentry>
- <term>Sysklogd Fixes Patch - <token>&sysklogd-fixes-patch-size;</token>:</term>
+ <term>Sysklogd Community Fixes Patch - <token>&sysklogd-community_fixes-patch-size;</token>:</term>
<listitem>
- <para>Download: <ulink url="&patches-root;&sysklogd-fixes-patch;"/></para>
- <para>MD5 sum: <literal>&sysklogd-fixes-patch-md5;</literal></para>
+ <para>Download: <ulink url="&patches-root;&sysklogd-community_fixes-patch;"/></para>
+ <para>MD5 sum: <literal>&sysklogd-community_fixes-patch-md5;</literal></para>
</listitem>
</varlistentry>
<varlistentry>
+ <term>Sysklogd Privilege Separation Patch - <token>&sysklogd-priv_sep-patch-size;</token>:</term>
+ <listitem>
+ <para>Download: <ulink url="&patches-root;&sysklogd-priv_sep-patch;"/></para>
+ <para>MD5 sum: <literal>&sysklogd-priv_sep-patch-md5;</literal></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>Texinfo Tempfile Patch - <token>&texinfo-tempfile_fix-patch-size;</token>:</term>
<listitem>
<para>Download: <ulink url="&patches-root;&texinfo-tempfile_fix-patch;"/></para>
Modified: trunk/BOOK/chapter06/sysklogd.xml
===================================================================
--- trunk/BOOK/chapter06/sysklogd.xml 2007-05-23 11:29:45 UTC (rev 1117)
+++ trunk/BOOK/chapter06/sysklogd.xml 2007-05-25 08:24:29 UTC (rev 1118)
@@ -25,14 +25,36 @@
<sect2 role="installation">
<title>Installation of Sysklogd</title>
- <para>The following patch fixes various issues, including a problem building
- Sysklogd with Linux 2.6 series kernels:</para>
+ <para>The following patch is combined from Sysklogd-CVS, and several Linux
+ distributions, and includes numerous bug and vulnerability fixes:</para>
-<screen><userinput>patch -Np1 -i ../&sysklogd-fixes-patch;</userinput></screen>
+<screen><userinput>patch -Np1 -i ../&sysklogd-community_fixes-patch;</userinput></screen>
+ <para role="misc">This patch adds privilege separation for the
+ <command>syslogd</command> and <command>klogd</command> daemons, so they
+ are able to change root and drop to regular user privileges after opening
+ log files and network sockets:</para>
+
+<screen role="misc"><userinput>patch -Np1 -i ../&sysklogd-priv_sep-patch;</userinput></screen>
+
+ <para role="misc">The privilege separation will also require new users,
+ groups, and directories to be added. These users do not need privileges to
+ log in or read their chroot directory:</para>
+
+<screen role="misc"><userinput>cat >> /etc/passwd << "EOF"
+<literal>syslogd:x:16:16:System Log Daemon:/var/lib/syslogd:/sbin/nologin
+klogd:x:17:17:Kernel Log Daemon:/var/lib/klogd:/sbin/nologin</literal>
+EOF
+cat >> /etc/groups << "EOF"
+<literal>syslogd:x:16:
+klogd:x:17:</literal>
+EOF
+install -d -m0000 /var/lib/syslogd
+install -d -m0000 /var/lib/klogd</userinput></screen>
+
<para>Compile the package:</para>
-<screen><userinput>make RPM_OPT_FLAGS="-D_FORTIFY_SOURCE=0"</userinput></screen>
+<screen><userinput>make</userinput></screen>
<para>This package does not come with a test suite.</para>
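Review bot: The second here-document appends to `/etc/groups`, but the group database is `/etc/group`. As written, the `syslogd` and `klogd` groups are never defined and a stray file is created, so GIDs 16 and 17 in the new passwd entries have no matching group; the line should read `cat >> /etc/group << "EOF"`. Presumably the patched daemons look these accounts up by name before dropping privileges, so it is worth confirming that they refuse to start when the lookup fails rather than keep running as root. The text could also say that the appends must be run only once and that IDs 16 and 17 must be unused on the target system.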
Modified: trunk/BOOK/chapter07/bootscripts.xml
===================================================================
--- trunk/BOOK/chapter07/bootscripts.xml 2007-05-23 11:29:45 UTC (rev 1117)
+++ trunk/BOOK/chapter07/bootscripts.xml 2007-05-25 08:24:29 UTC (rev 1118)
@@ -35,6 +35,11 @@
<sect2 role="installation">
<title>Installation of LFS-Bootscripts</title>
+ <para role="misc">If you applied the Sysklogd Privilege Separation patch,
+ then apply this patch to start the daemons with the correct options:</para>
+
+<screen role="misc"><userinput>patch -Np1 -i ../&lfs-bootscripts_sysklogd_piv_sep-patch;</userinput></screen>
+
<para>Install the package:</para>
<screen><userinput>make install</userinput></screen>
Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent 2007-05-23 11:29:45 UTC (rev 1117)
+++ trunk/BOOK/general.ent 2007-05-25 08:24:29 UTC (rev 1118)
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
-<!ENTITY version "SVN-20070523">
-<!ENTITY releasedate "May 23rd, 2007">
+<!ENTITY version "SVN-20070525">
+<!ENTITY releasedate "May 25th, 2007">
<!ENTITY milestone "1.1">
<!ENTITY lfs-root "http://www.linuxfromscratch.org/">
Modified: trunk/BOOK/packages.ent
===================================================================
--- trunk/BOOK/packages.ent 2007-05-23 11:29:45 UTC (rev 1117)
+++ trunk/BOOK/packages.ent 2007-05-25 08:24:29 UTC (rev 1118)
@@ -203,9 +203,9 @@
<!ENTITY less-url "http://www.greenwoodsoftware.com/less/less-&less-version;.tar.gz">
<!ENTITY less-home "http://www.greenwoodsoftware.com/less/">
-<!ENTITY lfs-bootscripts-version "3.2.1">
+<!ENTITY lfs-bootscripts-version "3.2.2">
<!ENTITY lfs-bootscripts-size "32 KB">
-<!ENTITY lfs-bootscripts-md5 "72313b82210735d7fd22083843eee90a">
+<!ENTITY lfs-bootscripts-md5 "3a0a7a1a402a9f671792b762897d9b4e">
<!ENTITY lfs-bootscripts-url "http://downloads.linuxfromscratch.org/lfs-bootscripts-&lfs-bootscripts-version;.tar.bz2">
<!ENTITY lfs-bootscripts-home " ">
Modified: trunk/BOOK/patches.ent
===================================================================
--- trunk/BOOK/patches.ent 2007-05-23 11:29:45 UTC (rev 1117)
+++ trunk/BOOK/patches.ent 2007-05-25 08:24:29 UTC (rev 1118)
@@ -126,6 +126,10 @@
<!ENTITY less-signal_fix-patch-md5 "ef8f5750b1ef047e6a06cd4ea23068b0">
<!ENTITY less-signal_fix-patch-size "4 KB">
+<!ENTITY lfs-bootscripts_sysklogd_piv_sep-patch "lfs-bootscripts-&lfs-bootscripts-version;-sysklogd_piv_sep-1.patch">
+<!ENTITY lfs-bootscripts_sysklogd_piv_sep-patch-md5 "168e9862ab9fad33b40a074edf88f90f">
+<!ENTITY lfs-bootscripts_sysklogd_piv_sep-patch-size "4 KB">
+
<!ENTITY mktemp-add_tempfile-patch "mktemp-&mktemp-version;-add_tempfile-3.patch">
<!ENTITY mktemp-add_tempfile-patch-md5 "65d73faabe3f637ad79853b460d30a19">
<!ENTITY mktemp-add_tempfile-patch-size "3.5 KB">
@@ -162,10 +166,14 @@
<!ENTITY shadow-useradd_fix-patch-md5 "5f35528f38d5432d5fa2dd79d04bdfdd">
<!ENTITY shadow-useradd_fix-patch-size "8 KB">
-<!ENTITY sysklogd-fixes-patch "sysklogd-&sysklogd-version;-fixes-2.patch">
-<!ENTITY sysklogd-fixes-patch-md5 "ed5b25ca9a4eeb4f4f82b300a27b1ef4">
-<!ENTITY sysklogd-fixes-patch-size "32 KB">
+<!ENTITY sysklogd-community_fixes-patch "sysklogd-&sysklogd-version;-community_fixes-1.patch">
+<!ENTITY sysklogd-community_fixes-patch-md5 "6f7d319be62271d66375209c018c21d2">
+<!ENTITY sysklogd-community_fixes-patch-size "56 KB">
+<!ENTITY sysklogd-priv_sep-patch "sysklogd-&sysklogd-version;-priv_sep-2.patch">
+<!ENTITY sysklogd-priv_sep-patch-md5 "30846fb8c04d0060302d14d8c3cf5329">
+<!ENTITY sysklogd-priv_sep-patch-size "16 KB">
+
<!ENTITY texinfo-tempfile_fix-patch "texinfo-&texinfo-version;-tempfile_fix-1.patch">
<!ENTITY texinfo-tempfile_fix-patch-md5 "559bda136a2ac7777ecb67511227af85">
<!ENTITY texinfo-tempfile_fix-patch-size "2.3 KB">
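Review bot: The three patches added in this file, including the privilege separation patch, are verified only by an MD5 sum published in the same book. MD5 is not collision-resistant, so this guards against a corrupted download more than against a substituted one. That follows the file's existing convention, but a second digest entity next to each new one would help, e.g. `<!ENTITY sysklogd-priv_sep-patch-sha256 "<SHA256_OF_PATCH>">` (placeholder value), with a matching line in chapter04/patches.xml. The same applies to the `lfs-bootscripts_sysklogd_piv_sep-patch-md5` entity in the first hunk of this file.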