This is *not* a duplicate of bug 13122; it is a different (though related) problem. logrotate-3.5.2 from Red Hat 7 *still* breaks when you have a space in a file name if you enable the "compress" option. When you enable "compress", logrotate uses a shell, probably via system(), to invoke gzip. This is very bad, because it can pass random characters to the shell (spaces, parens, whatever). Such random characters do appear in the names of Samba log files, because each log file name contains the NetBIOS name of the client Windows system. This is almost certainly a security hole... An administrator has no control over how Windows users name their machines, so he has no control over the log file names, so he has no control over the trash which logrotate passes to the shell.
This happens even without "compress"; we just got the following via Email:

    errors occured while rotating /var/log/samba/log.* {
    sh: syntax error near unexpected token `(d'
    sh: -c: line 1: `/bin/sh /tmp/logrotf1a6AC /var/log/samba/log.my laptop (dyn).1'
    error running postrotate script

Will this problem be fixed sooner if I can actually find a remote root exploit based on it?
Filenames are quoted in logrotate 3.5.6 and later.
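
The failure in this report and the effect of quoting, as an added example that is not logrotate's code: `sh_quote` and `one_arg_via_shell` are hypothetical helpers, and the sample name is the one from the error message above. It assumes a POSIX `/bin/sh` and checks whether a file name reaches a child process as one argument when the command goes through system().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: the file name from the error message in this report. */
static const char SAMPLE[] = "/var/log/samba/log.my laptop (dyn).1";

/* Hypothetical helper, not logrotate's code: wrap name in single quotes for
 * /bin/sh, rewriting each embedded ' as '\'' so nothing inside is special.
 * Returns a malloc'd string, or NULL on allocation failure. */
char *sh_quote(const char *name)
{
    size_t len = 3;                       /* two quotes plus NUL */
    for (const char *p = name; *p; p++)
        len += (*p == '\'') ? 4 : 1;
    char *out = malloc(len), *q = out;
    if (!out)
        return NULL;
    *q++ = '\'';
    for (const char *p = name; *p; p++) {
        if (*p == '\'') {
            memcpy(q, "'\\''", 4);
            q += 4;
        } else {
            *q++ = *p;
        }
    }
    *q++ = '\'';
    *q = '\0';
    return out;
}

/* Pass arg_text to a child script through system(). The child exits 0 only
 * when it receives exactly one argument. Returns 1 if the file name survived
 * the shell as a single word, 0 otherwise (split, syntax error, too long). */
int one_arg_via_shell(const char *arg_text)
{
    char cmd[1024];
    int n = snprintf(cmd, sizeof cmd, "/bin/sh -c '[ $# -eq 1 ]' sh %s", arg_text);
    if (n < 0 || (size_t)n >= sizeof cmd)
        return 0;
    return system(cmd) == 0;
}
```

Passing the file name as its own argv element to execv(), with no shell in between, avoids the need for quoting altogether.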