Back to bug 2127404
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat Bugzilla | 2022-09-16 08:27:05 UTC | Pool ID | sst_security_special_projects_rhel_9 | |
| RHEL Program Management | 2022-09-16 08:27:13 UTC | Keywords | FutureFeature | |
| Attila Lakatos | 2022-09-16 08:29:00 UTC | CC | dapospis | |
| | | Keywords | Triaged | |
| | | Summary | [RFE] Introduce libcap-ng inside rsyslog | Introduce libcap-ng inside rsyslog |
| Red Hat One Jira (issues.redhat.com) | 2022-09-16 08:36:36 UTC | Link ID | Red Hat Issue Tracker RHELPLAN-134151 | |
| Red Hat One Jira (issues.redhat.com) | 2022-09-16 08:36:44 UTC | Link ID | Red Hat Issue Tracker SECENGSP-4790 | |
| Red Hat One Jira (issues.redhat.com) | 2022-09-16 08:50:36 UTC | Link ID | Red Hat Issue Tracker SECENGSP-4792 | |
| Attila Lakatos | 2022-09-16 09:06:40 UTC | Link ID | Red Hat Issue Tracker SECENGSP-4792 | |
| Red Hat One Jira (issues.redhat.com) | 2022-09-16 09:08:42 UTC | Link ID | Red Hat Issue Tracker SECENGSP-4792 | |
| Attila Lakatos | 2022-11-21 08:32:02 UTC | Status | NEW | ASSIGNED |
| Attila Lakatos | 2022-11-21 08:43:03 UTC | Doc Text | Feature: Drop capabilities to only the necessary set. Reason: Whilst it's possible for rsyslog to drop privileges by impersonating as another user and/or group after startup, there are some modules that explicitly require root user rights. Thus, it's necessary to drop the capabilities to only the necessary set, to minimize security exposure in case there was ever a mistake in a networking plugin or some other input resource. Result: Rsyslog is not running with full capability set but provides the exact same functionality. | |
| | | Doc Type | If docs needed, set a value | Enhancement |
| Attila Lakatos | 2022-11-28 07:44:48 UTC | Link ID | Gitlab redhat/centos-stream/rpms/rsyslog/-/merge_requests/18 | |
| | | Status | ASSIGNED | POST |
| Dalibor Pospíšil | 2022-12-07 14:53:19 UTC | QA Contact | qe-baseos-security | dapospis |
| Attila Lakatos | 2022-12-16 12:41:00 UTC | Status | POST | MODIFIED |
| AutoMiloš | 2022-12-16 13:31:45 UTC | Fixed In Version | rsyslog-8.2102.0-107.el9 | |
| | | Keywords | AutoVerified | |
| errata-xmlrpc | 2022-12-19 11:53:51 UTC | Status | MODIFIED | ON_QA |
| Dalibor Pospíšil | 2022-12-21 09:44:52 UTC | Status | ON_QA | VERIFIED |
| Attila Lakatos | 2023-01-05 09:37:59 UTC | CC | pascal.tempier | |
| | | Flags | needinfo?(pascal.tempier) | |
| Attila Lakatos | 2023-01-06 10:13:00 UTC | Flags | needinfo?(pascal.tempier) | |
| | | Comment 16 is private | 1 | 0 |
| Jonathan Kamens | 2023-01-12 08:10:24 UTC | CC | jik | |
| Jan Fiala | 2023-01-24 10:00:02 UTC | CC | jafiala | |
| | | Docs Contact | jafiala | |
| Jan Fiala | 2023-03-09 14:00:38 UTC | Flags | needinfo?(alakatos) | |
| | | Doc Text | Feature: Drop capabilities to only the necessary set. Reason: Whilst it's possible for rsyslog to drop privileges by impersonating as another user and/or group after startup, there are some modules that explicitly require root user rights. Thus, it's necessary to drop the capabilities to only the necessary set, to minimize security exposure in case there was ever a mistake in a networking plugin or some other input resource. Result: Rsyslog is not running with full capability set but provides the exact same functionality. | .Rsyslog privileges are limited The privileges of the Rsyslog log processing system are now limited to only the necessary set that explicitly requires `root` user privileges. This minimizes security exposure in case of a potential error in input resources, for example a networking plugin. As a result, Rsyslog has the same functionality but does not have unnecessary privileges. |
| Attila Lakatos | 2023-03-10 08:24:30 UTC | Flags | needinfo?(alakatos) | needinfo?(jafiala) |
| Jan Fiala | 2023-03-10 10:43:38 UTC | Flags | needinfo?(jafiala) | |
| | | Doc Text | .Rsyslog privileges are limited The privileges of the Rsyslog log processing system are now limited to only the necessary set that explicitly requires `root` user privileges. This minimizes security exposure in case of a potential error in input resources, for example a networking plugin. As a result, Rsyslog has the same functionality but does not have unnecessary privileges. | .Rsyslog privileges are limited The privileges of the Rsyslog log processing system are now limited to only the necessary set that is explicitly required by Rsyslog. This minimizes security exposure in case of a potential error in input resources, for example a networking plugin. As a result, Rsyslog has the same functionality but does not have unnecessary privileges. |
| Jan Fiala | 2023-03-10 14:25:06 UTC | Doc Text | .Rsyslog privileges are limited The privileges of the Rsyslog log processing system are now limited to only the necessary set that is explicitly required by Rsyslog. This minimizes security exposure in case of a potential error in input resources, for example a networking plugin. As a result, Rsyslog has the same functionality but does not have unnecessary privileges. | .Rsyslog privileges are limited The privileges of the Rsyslog log processing system are now limited to only the privileges explicitly required by Rsyslog. This minimizes security exposure in case of a potential error in input resources, for example a networking plugin. As a result, Rsyslog has the same functionality but does not have unnecessary privileges. |
| Jan Fiala | 2023-04-11 16:36:26 UTC | Doc Text | .Rsyslog privileges are limited The privileges of the Rsyslog log processing system are now limited to only the privileges explicitly required by Rsyslog. This minimizes security exposure in case of a potential error in input resources, for example a networking plugin. As a result, Rsyslog has the same functionality but does not have unnecessary privileges. | .Rsyslog privileges are limited The privileges of the Rsyslog log processing system are now limited to only the privileges explicitly required by Rsyslog. This minimizes security exposure in case of a potential error in input resources, for example, a networking plugin. As a result, Rsyslog has the same functionality but does not have unnecessary privileges. |
| errata-xmlrpc | 2023-05-09 00:34:38 UTC | Status | VERIFIED | RELEASE_PENDING |
| errata-xmlrpc | 2023-05-09 07:44:54 UTC | Status | RELEASE_PENDING | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2023-05-09 07:44:54 UTC | |
| errata-xmlrpc | 2023-05-09 07:45:03 UTC | Link ID | Red Hat Product Errata RHBA-2023:2303 | |
| Pasi Karkkainen | 2023-05-14 13:20:23 UTC | CC | pasik | |
| richard.hickson | 2023-07-01 17:04:48 UTC | CC | richard.hickson | |