Kea issueshttps://gitlab.isc.org/isc-projects/kea/-/issues2024-03-22T10:00:56Zhttps://gitlab.isc.org/isc-projects/kea/-/issues/3296kea-dhcp4 changes filesystem access permissions on log directory2024-03-22T10:00:56ZCarsten Strotmannkea-dhcp4 changes filesystem access permissions on log directory---
name: kea-dhcp4 changes filesystem access permissions on log directory
about: Create a report to help us improve
---
**Describe the bug**
Kea-DHCP4 changes the access permissions on the directory for logfiles in the logger stateme...---
name: kea-dhcp4 changes filesystem access permissions on log directory
about: Create a report to help us improve
---
**Describe the bug**
Kea-DHCP4 changes the access permissions on the directory for logfiles in the logger statement. It removes "read" and "execute/list" (r-x) permissions for "other"
**To Reproduce**
* Change the access permissions on the log directory so that all users/processes can read/list the log directory
* Restart Kea-DHCP
* List the access permissions on the log directory. The access permissions for "other" are removed
**Expected behavior**
Kea-DHCP4 (possible other Kea processes as well) will not touch the access permissions on the log directory
**Environment:**
- Kea version:
2.4.1
tarball
linked with:
log4cplus 1.2.0
OpenSSL 1.1.1k FIPS 25 Mar 2021
database:
MySQL backend 19.0, library 10.5.5
PostgreSQL backend 18.0, library 130011
Memfile backend 3.0
- Red Hat EL 8 x86_64 (ISC Open Source Packages)
**Additional Information**
Use case: Stork agent cannot read the Kea-DHCP4 logfile in the standard configuration (as delivered in the ISC provided open source RPM packages).
This issue have been found while trying to give the stork-agent access to the Kea-DHCP4 logfile.
**Workaround:**
Change the group ownership of the logfile to group name "kea", then change the systemd-unit for "isc-stork-agent" to start the stork-agent as group "kea".
```
[Service]
Group=kea
...
```
If the removal of the access permissions for "other" is to be expected (no bug), then I recommend to adjust the stork-agent systemd unit to have stork-agent started with permissions that allow access to the Kea log files.https://gitlab.isc.org/isc-projects/kea/-/issues/3220Debian apt repository setup installs `apt-transport-https` dummy package2024-03-14T14:31:13ZDirk HeinrichsDebian apt repository setup installs `apt-transport-https` dummy packagePlease stop installing that package. It's a dummy since Debian Buster/Ubuntu 18.04.Please stop installing that package. It's a dummy since Debian Buster/Ubuntu 18.04.outstandingTomek MrugalskiTomek Mrugalskihttps://gitlab.isc.org/isc-projects/kea/-/issues/3179kea fails to log to syslog if run as non-root user2024-03-22T13:43:03ZLars Wendlerkea fails to log to syslog if run as non-root userWith the following config snippet
```
"loggers": [
{
"name": "kea-dhcp4",
"output_options": [ { "output": "syslog" } ],
"severity": "INFO",
...With the following config snippet
```
"loggers": [
{
"name": "kea-dhcp4",
"output_options": [ { "output": "syslog" } ],
"severity": "INFO",
"debuglevel": 0
}
]
```
kea won't log to syslog service once it's being started as non-root user. Simply starting kea as root makes it successfully log to syslog.
I am using the following syslogger: [sysklogd-2.4.4](https://github.com/troglobit/sysklogd)
I have found this problem being present in kea-2.4.1 and kea-2.5.4 and only tested the dhcp4 component of kea.kea2.5.8https://gitlab.isc.org/isc-projects/kea/-/issues/3056libdhcp_user_chk.so missing from isc-kea-hooks (2.4.0-isc20230630120747) pack...2023-09-23T09:04:56ZEddict NLlibdhcp_user_chk.so missing from isc-kea-hooks (2.4.0-isc20230630120747) package in Cloudsmith---
name: Bug report
about: Create a report to help us improve
---
**Describe the bug**
libdhcp_user_chk.so missing from isc-kea-hooks (2.4.0-isc20230630120747) package in Cloudsmith
**To Reproduce**
Steps to reproduce the behavior:
1...---
name: Bug report
about: Create a report to help us improve
---
**Describe the bug**
libdhcp_user_chk.so missing from isc-kea-hooks (2.4.0-isc20230630120747) package in Cloudsmith
**To Reproduce**
Steps to reproduce the behavior:
1. Add ISC Kea 2.4 Cloudsmith repository (https://dl.cloudsmith.io/public/isc/kea-2-4/deb/debian bookworm InRelease)
2. apt install (isc-kea and) isc-kea-hooks
3. there are 8 .so files in /usr/lib/x86_64-linux-gnu/kea/hooks/
4. libdhcp_user_chk.so is missing
**Expected behavior**
libdhcp_user_chk.so is installed as well
**Environment:**
- Kea version: 2.4.0 installed from repository
- OS: Debian GNU/Linux 12 (bookworm)
- Which features were compiled in: N/A
- If/which hooks where loaded in
**Additional Information**
N/A
**Contacting you**
How can ISC reach you to discuss this matter further? herenext-stable-2.6https://gitlab.isc.org/isc-projects/kea/-/issues/2495Kea uses predictable filenames for sockets in /tmp2023-07-05T10:39:19ZParide LegoviniKea uses predictable filenames for sockets in /tmpDebian maintainer of the Kea package here; this is a forward of Debian bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014929 and Ubuntu bug https://bugs.launchpad.net/ubuntu/+source/isc-kea/+bug/1863100.
---
The default Kea con...Debian maintainer of the Kea package here; this is a forward of Debian bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014929 and Ubuntu bug https://bugs.launchpad.net/ubuntu/+source/isc-kea/+bug/1863100.
---
The default Kea configuration files place control sockets under `/tmp`, e.g.:
```
+---
| "control-socket": {
| "socket-type": "unix",
| "socket-name": "/tmp/kea4-ctrl-socket"
| },
+---[ /etc/kea/kea-dhcp4.conf ]
```
This can be a security issue, especially given that the socket have fixed names, as any use can create a file/socket with that name under `/tmp`. Please move the control sockets to `/run/kea`. Thanks!next-stable-2.6