Bug 680792

Summary: logrotate: Incorrect flags used for truncating of original log file in copytruncate mode (arbitrary file system truncation via symlink / hardlink attacks)
Product: [Other] Security Response
Component: vulnerability
Reporter: Jan Lieskovsky <jlieskov>
Assignee: Red Hat Product Security <security-response-team>
CC: jkaluza, petr.uzel, tsmetana
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Version: unspecified
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2011-03-11 06:31:30 UTC

Description Jan Lieskovsky 2011-02-27 19:31:37 UTC
It was found that the logrotate utility used incorrect flags for truncation
of the original log file in place after creating a copy (copytruncate mode).
A local attacker could use this flaw to truncate an arbitrary system file
(if the logrotate utility was run under a privileged user account, root)
by performing symlink or hardlink attacks.
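
The class of problem described above, shown from the defensive side as an added example; it is not logrotate's code and does not come from this report, which does not say which flags were involved. `safe_truncate`, `demo` and the file names are hypothetical, and the files are constructed in a temporary directory on Linux.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Truncate a log in place; refuse symlinks, non-regular files and files with
 * extra hard links. Returns 0 on success, -1 with errno set otherwise. */
int safe_truncate(const char *path)
{
    /* O_NOFOLLOW rejects a symlink as last component (ELOOP); no O_TRUNC yet. */
    int fd = open(path, O_WRONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    int rc = -1, err = EPERM;                 /* EPERM = refused by policy */
    if (fstat(fd, &st) != 0) {
        err = errno;
    } else if (S_ISREG(st.st_mode) && st.st_nlink == 1) {
        rc = ftruncate(fd, 0);                /* acts on the inode just checked */
        err = errno;
    }
    close(fd);
    if (rc != 0) errno = err;
    return rc;
}

static void put(const char *p)                /* 5 bytes of constructed data */
{ FILE *f = fopen(p, "w"); if (f) { fputs("data\n", f); fclose(f); } }
static long size_of(const char *p)
{ struct stat s; return stat(p, &s) ? -1 : (long)s.st_size; }

/* Constructed scenario in a temp dir. Bit 0: plain log truncated; bit 1:
 * symlink refused; bit 2: hard link refused and its target left intact. */
int demo(void)
{
    char d[] = "/tmp/trunc-XXXXXX";
    if (!mkdtemp(d) || chdir(d)) return -1;
    put("app.log"); put("victim");
    if (symlink("victim", "sym.log") || link("victim", "hard.log")) return -1;
    int r = 0;
    if (safe_truncate("app.log") == 0 && size_of("app.log") == 0) r |= 1;
    if (safe_truncate("sym.log") == -1 && errno == ELOOP) r |= 2;
    if (safe_truncate("hard.log") == -1 && errno == EPERM && size_of("victim") == 5) r |= 4;
    unlink("app.log"); unlink("sym.log"); unlink("victim"); unlink("hard.log");
    if (chdir("/") == 0) rmdir(d);
    return r;
}
```

`O_NOFOLLOW` only covers the final path component, so a log directory writable by an untrusted user still needs separate handling.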