Bug 73879

Summary: RFE: make logrotate robust against terminal wildcards
Product: [Retired] Red Hat Raw Hide
Reporter: R P Herrold <herrold>
Component: logrotate
Assignee: Elliot Lee <sopwith>
Status: CLOSED RAWHIDE
QA Contact: Jay Turner <jturner>
Severity: medium
Priority: medium
Version: 1.0
CC: srevivo
Keywords: FutureFeature
Hardware: All
OS: Linux
Doc Type: Enhancement
Last Closed: 2002-12-02 18:52:11 UTC

Description R P Herrold 2002-09-12 20:42:35 UTC
Description of Problem:

logrotate is too fragile, in facilitating Denial of Service (inode depletion
forkbombs) when used with a globbing of [\*]$ in an entry

Version-Release number of selected component (if applicable):

all recent

How Reproducible:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=68917
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=68422
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=68096

- samba, mgetty, mailman
have ALL suffered from this in recent years when a packager who does not
understand the danger of ending a rotate argument with [\*]$ builds a
/etc/logrotate.d/ entry

Additional Information:
	
The requested enhancement is straightforward -- add code in the globbing section
expansion loopwalk, thus:

   | grep -v '[\*][0-9z]$' 

which will cause it to ignore prior rotated logfiles, both compressed and
uncompressed.

We do this in several other contexts already -- ignoring *.rpm{new|orig|etc} in
/etc/rc.d/init.d and in /etc/sysconfig/network-scripts ignoring *~ entries.
This is making the system robust against careless packaging, which _keeps_
happening.

-- Russ Herrold
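
A lint for the kind of entry described above, as an added example that is not part of the original report and is not logrotate code. The function names, the simplified config parsing (unquoted path patterns on `/`-leading lines outside `{ }` blocks) and the sample files are assumptions constructed for illustration; the "ends in a digit or z" test is the filter proposed in the report.

```shell
#!/bin/sh
# Added example (not logrotate code): lint logrotate entries for terminal wildcards.

# Print "file:pattern" for each log path pattern that ends in '*'.
# Simplified parser: patterns are tokens on '/'-leading lines outside { } blocks.
terminal_wildcards() {
    awk '
        { sub(/#.*/, "") }                          # strip comments
        depth == 0 && $1 ~ /^\// {
            for (i = 1; i <= NF; i++) {
                t = $i; sub(/[{]$/, "", t)          # allow "pattern{" and "pattern {"
                if (t ~ /[*]$/) print FILENAME ":" t
            }
        }
        { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }
    ' "$@"
}

# List files the pattern matches now that are already rotated logs
# (name ends in a digit or "z", the filter proposed in the report).
rotated_matches() {
    for f in $1; do                                 # unquoted: expand the glob
        [ -e "$f" ] || continue
        case $f in *[0-9z]) printf '%s\n' "$f" ;; esac
    done
}

# Constructed sample: one careless entry, one safe entry, a few log files.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/logs"
    touch "$d/logs/smbd.log" "$d/logs/smbd.log.1" \
          "$d/logs/smbd.log.1.1" "$d/logs/smbd.log.2.gz"
    printf '%s\n' "$d/logs/* {" '    weekly' '    rotate 4' '}' > "$d/careless"
    printf '%s\n' "$d/logs/*.log {" '    weekly' '}' > "$d/safe"
    terminal_wildcards "$d/careless" "$d/safe" | while IFS=: read -r file pat; do
        echo "terminal wildcard in $file: $pat"
        rotated_matches "$pat" | sed 's/^/  would be rotated again: /'
    done
    rm -rf "$d"
}
demo
```

Run against a real system, `terminal_wildcards /etc/logrotate.d/*` lists the entries worth reviewing before they start rotating their own output.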

Comment 1 R P Herrold 2002-12-02 18:52:03 UTC
ouch -- just got done deleting 120K empty logrotate inodes used (uselessly) on a
production host.

Any word on this one?

Comment 2 Elliot Lee 2002-12-10 19:52:08 UTC
The packages mentioned have been fixed (using wildcards like that is just plain bad). I 
can't promise a fix in logrotate, but if someone comes up with a patch, I'll look at it.