Log files are world-writable. #16
Comments
Hi @natedogith1, thanks for raising the issue. I can explain the rationale for having the logs writable by other users in the Agent for SAP. The onetime executions (such as backint, hanadiskbackup etc.) can be run by multiple users on the machine. Let us take a scenario where
If the log file did not have world write, the write to the log would fail for any user other than the one who created it. Let me know if this addresses your concerns.
Our security requirements (based off of CIS Benchmarks) require that all world-writable directories have their sticky bit set and that there are no world-writable files. I haven't seen this issue before with other software, but if this is a requirement we can probably document an exception.
Thanks - We will add comments in code and update public docs indicating why we do this.
The log files are set to world-writable. It looks like this is done here:
sapagent/internal/onetime/onetime.go
Line 158 in 1e926c3
These log files are triggering security findings.
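
The two rules quoted in the thread (no world-writable files, and the sticky bit on every world-writable directory) can be checked with a short Go walker, which reproduces the kind of finding reported here. This is an added example, not sapagent code and not part of the thread; `Audit`, `BuildSample` and the sample file names are made up for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// Audit returns world-writable regular files and world-writable directories without the sticky bit.
func Audit(root string) (files, dirs []string, err error) {
	err = filepath.Walk(root, func(p string, fi os.FileInfo, err error) error {
		if err != nil {
			return err
		}
		switch m := fi.Mode(); { // Walk uses Lstat: symlinks are not followed
		case m.Perm()&0o002 == 0: // no "other" write bit, nothing to report
		case m.IsRegular():
			files = append(files, p)
		case m.IsDir() && m&os.ModeSticky == 0:
			dirs = append(dirs, p)
		}
		return nil
	})
	return files, dirs, err
}

// BuildSample creates a constructed tree; every name in it is made up.
func BuildSample() (string, error) {
	root, err := os.MkdirTemp("", "wwaudit")
	for name, mode := range map[string]os.FileMode{"shared.log": 0o666, "private.log": 0o640,
		"spool": os.ModeDir | 0o777, "tmp": os.ModeDir | os.ModeSticky | 0o777} {
		p := filepath.Join(root, name)
		if err == nil && mode.IsDir() {
			err = os.Mkdir(p, 0o700)
		} else if err == nil {
			err = os.WriteFile(p, nil, 0o600)
		}
		if err == nil {
			err = os.Chmod(p, mode) // explicit chmod: create-time modes are cut by umask
		}
	}
	return root, err
}

func main() {
	root, err := BuildSample()
	defer os.RemoveAll(root)
	files, dirs, auditErr := Audit(root)
	fmt.Println(files, dirs, err, auditErr)
}
```

Run against the constructed tree, only `shared.log` (mode 0666) and `spool` (0777 without the sticky bit) are reported; `tmp` (1777) and `private.log` (0640) pass.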