4825 – logrotate doesn't quote shell constructs in filenames

Bug 4825 - logrotate doesn't quote shell constructs in filenames

Summary: logrotate doesn't quote shell constructs in filenames

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	logrotate
Sub Component:
Version:	6.0
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Preston Brown
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	1999-09-01 12:40 UTC by carlo
Modified:	2008-05-01 15:37 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	1999-09-24 18:25:08 UTC
Embargoed:

Attachments	(Terms of Use)

Description carlo 1999-09-01 12:40:09 UTC

Hiya,

I got the following mail:

From: root <root>
To: carlo.nl
Subject: errors rotating logs

errors occured while rotating /home/carlo/irc/log/*

/home/carlo/irc/log/log.Flanders.Be.Eu.Undernet.org.: No
such file or directory
sh: Neo: command not found
sh: .1: command not found
failed to compress previous log
/home/carlo/irc/log/log.Flanders.Be.Eu.Undernet.org.|Neo|.1

Note that "log.Flanders.Be.Eu.Undernet.org.|Neo|" is a
FILE name. It tries (as root) to execute `Neo'. Surely
some quoting is missing somewhere :)

Greetings,

Carlo Wood

Comment 1 Preston Brown 1999-09-01 13:46:59 UTC

well I would hardly call this "arbitrary commands."  I can't see how a
user would be able to exploit this.  If root is logrotating logs, then
he has control over which directories and files to rotate.  If you are
running it as a user, you do as well.

However, you are correct that it isn't quoting everything (at least
that is how things appear).  I'll look into that.

Comment 2 Preston Brown 1999-09-24 18:25:59 UTC

it will be difficult to change logrotate to not do this.  Please
rename your log file.

Note You need to log in before you can comment on or make changes to this bug.