Bug 736054

Summary: logrotate has insufficient configuration syntax checking
Product: [Fedora] Fedora
Component: logrotate
Version: rawhide
Status: CLOSED RAWHIDE
Severity: unspecified
Priority: unspecified
Hardware: All
OS: All
Reporter: Jan Kaluža <jkaluza>
Assignee: Jan Kaluža <jkaluza>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: jkaluza, matti.kurkela, tsmetana
Doc Type: Bug Fix
Clone Of: 736053
Last Closed: 2012-01-04 10:42:46 UTC
Bug Depends On: 736045, 736053

Description Jan Kaluža 2011-09-06 14:34:08 UTC
+++ This bug was initially created as a clone of Bug #736053 +++

+++ This bug was initially created as a clone of Bug #736045 +++

Created attachment 521678
My email to logrotate-owner

Description of problem:
Logrotate may inadvertently replace essential system files like /dev/null and /bin/kill with zero-length files if a single "{" character is omitted.

Version-Release number of selected component (if applicable):
logrotate-3.7.4 (according to logrotate changelog, still unfixed in logrotate-3.8.0, which is the current upstream version)

How reproducible:
always

Steps to Reproduce:
1. edit standard RHEL 5.6 /etc/logrotate.d/syslog configuration file, removing the "{" from the line that lists /var/log/secure and other syslog logfiles
2. run /etc/cron.daily/logrotate 

  
Actual results:
When "{" is missing, any valid filenames contained in the options block will be replaced with zero-length files, including /bin/kill, /var/run/[r]syslogd.pid, and /dev/null. 
Options that don't match valid filenames will produce error messages, but logrotate will keep going.
The /var/lib/logrotate.state file will contain lines that indicate the "filenames" logrotate has attempted to rotate. (This will be useful in restoring the system to normal.)

Expected results:
Logrotate should detect an unexpected "}" character while parsing the configuration file, produce an error message about configuration file syntax error (e.g. "unexpected '}' in file %s line %d, possible missing '{' earlier"), and stop without rotating anything. Alternatively, ignoring the current included configuration file and/or all log files specified after the last valid { ... } block would be acceptable too.

Additional info:
I contacted Jan Kaluza (logrotate-owner). Email attached. He agreed this should be fixed.

--- Additional comment from jkaluza on 2011-09-06 10:32:16 EDT ---

Thanks for the report. It's already fixed in the logrotate upstream repository and the patches ([1], [2]) can be backported.

[1] https://fedorahosted.org/logrotate/changeset/344
[2] https://fedorahosted.org/logrotate/changeset/345
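
A pre-flight brace check of the kind the "Expected results" above ask for, as an added example; it is not logrotate's code and not the upstream patch. The function name `check_braces` and the sample configuration are constructed for illustration, and skipping script bodies goes slightly beyond the report so that braces in shell code are not miscounted.

```python
# Directives that open a shell script body, which runs until "endscript".
SCRIPT_START = {"prerotate", "postrotate", "firstaction", "lastaction", "preremove"}

def check_braces(text, filename="<config>"):
    """Return syntax errors for unbalanced '{' / '}' in a logrotate config."""
    errors = []
    open_line = None   # line number of the '{' that is currently open
    in_script = False  # True while inside a prerotate/postrotate/... body
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        first = line.split()[0]
        if in_script:
            # Shell code may legitimately contain braces (${VAR}, awk '{...}').
            in_script = first != "endscript"
            continue
        if first in SCRIPT_START:
            in_script = True
            continue
        for ch in line:
            if ch == "{":
                if open_line is not None:
                    errors.append(f"unexpected '{{' in file {filename} line {lineno}, "
                                  f"block opened at line {open_line} is still open")
                open_line = lineno
            elif ch == "}":
                if open_line is None:
                    errors.append(f"unexpected '}}' in file {filename} line {lineno}, "
                                  "possible missing '{' earlier")
                open_line = None
    if in_script:
        errors.append(f"missing 'endscript' in file {filename}")
    if open_line is not None:
        errors.append(f"missing '}}' in file {filename}, block opened at line {open_line}")
    return errors

# Constructed sample modelled on the syslog entry described in the report.
GOOD = """\
/var/log/messages /var/log/secure {
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
"""
BROKEN = GOOD.replace(" {", "", 1)  # the single omitted "{" from the report

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("broken", BROKEN)):
        print(name, check_braces(cfg, "syslog") or "OK")
```

A non-empty result is a reason to stop before the cron job runs, since on an affected version the script lines would otherwise be treated as log file names.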