Bug 2135581 - Threat model finding: logging chronyc unix socket commands.
Summary: Threat model finding: logging chronyc unix socket commands.
Keywords:
Status: ASSIGNED
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: chrony
Version: 9.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Miroslav Lichvar
QA Contact: rhel-cs-infra-services-qe
URL:
Whiteboard:
Depends On: 2231078
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-10-18 03:13 UTC by Wade Mealing
Modified: 2023-08-15 07:12 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-136796 0 None None None 2022-10-18 03:17:41 UTC

Comment 1 Miroslav Lichvar 2022-12-01 15:58:00 UTC
In the latest upstream code all important changes made by chronyc should be now logged, e.g. added/removed sources (including changes in sourcefiles) and access restrictions, reloaded keys, modified makestep, etc. To avoid spamming the log with unnecessary information it doesn't log commands that don't change anything important for chronyd operation (e.g. dumping sources) or already have a related log message (e.g. adding or removing a manual sample triggers the "making a frequency change/slew" message).

Comment 2 Miroslav Lichvar 2023-08-10 13:53:44 UTC
This issue will be fixed by rebase to chrony-4.4 (bug #2231078).


Note You need to log in before you can comment on or make changes to this bug.