Bug 680799 - logrotate: Improper administration of log files located in world-writable directories
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2011-02-27 19:47 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:43 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-03-11 06:37:34 UTC


Attachments
Adds "su" option (6.37 KB, patch)
2011-03-10 09:47 UTC, Jan Kaluža


Links
Red Hat Bugzilla 753079 (priority unspecified, status CLOSED): "logrotate complains about cacti", last updated 2021-02-22 00:41:40 UTC

Internal Links: 753079

Description Jan Lieskovsky 2011-02-27 19:47:34 UTC
A security flaw was found in the way the logrotate utility
performed administration of log files located in group- / world-
writable directories. A local attacker could use this flaw
to disclose sensitive information, execute arbitrary code
or cause a denial of service via unintended / unprivileged
later modifications of the log file directory in question.

Different vulnerability than:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=680787,
[2] https://bugzilla.redhat.com/show_bug.cgi?id=680789,
[3] https://bugzilla.redhat.com/show_bug.cgi?id=680790,
[4] https://bugzilla.redhat.com/show_bug.cgi?id=680792,
[5] https://bugzilla.redhat.com/show_bug.cgi?id=680795,
[6] https://bugzilla.redhat.com/show_bug.cgi?id=680796,
[7] https://bugzilla.redhat.com/show_bug.cgi?id=680797, and
[8] https://bugzilla.redhat.com/show_bug.cgi?id=680798.

Comment 2 Jan Kaluža 2011-03-10 09:47:51 UTC
Created attachment 483400
Adds "su" option

This patch adds an "su" option which can be used to tell logrotate to switch EUID/EGID to the specified user/group for rotation of a particular log set. We can't use setfsuid/setfsgid because they are Linux-specific and logrotate should also run on other POSIX systems.

With this patch, logrotate does not rotate logs in unsafe directories (world-writable directories, or group-writable directories where the group is not "root"). It shows an error message and skips rotation of log files in the unsafe directory.
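The "unsafe directory" rule described in the comment above, applied to a log file's parent directory, as an added example that is not logrotate's own code and not part of this bug report; it assumes gid 0 stands for the "root" group, and the mode-1777 scenario is constructed in a temporary directory:

```python
"""Added example: the unsafe-directory rule from comment 2, not logrotate's code."""
import os
import stat
import tempfile
from typing import Optional

ROOT_GID = 0  # assumption: the "root" group the patch tolerates write access for


def dir_is_unsafe(st_mode: int, st_gid: int, trusted_gid: int = ROOT_GID) -> Optional[str]:
    """Return why a directory with these stat bits would be refused, or None.
    Rule as described: world-writable is always unsafe; group-writable is
    unsafe unless the group is root. A sticky bit (as on /tmp) changes nothing."""
    if st_mode & stat.S_IWOTH:
        return "world-writable"
    if st_mode & stat.S_IWGRP and st_gid != trusted_gid:
        return "group-writable by gid %d (not root)" % st_gid
    return None


def check_log_file(log_path: str) -> Optional[str]:
    """Apply the rule to the directory holding log_path, which is what matters
    for rotation (rename/create of the rotated file happens in that directory)."""
    parent = os.path.dirname(os.path.abspath(log_path))
    st = os.stat(parent)
    return dir_is_unsafe(st.st_mode, st.st_gid)


def demo_world_writable() -> Optional[str]:
    """Constructed scenario: a log file inside a mode-1777 directory."""
    base = tempfile.mkdtemp()
    logdir = os.path.join(base, "app")
    os.mkdir(logdir)
    os.chmod(logdir, 0o1777)  # sticky + world-writable, like /tmp
    log = os.path.join(logdir, "app.log")
    open(log, "w").close()
    try:
        return check_log_file(log)
    finally:
        os.remove(log)
        os.rmdir(logdir)
        os.rmdir(base)


if __name__ == "__main__":
    print("mode 1777 dir:", demo_world_writable())  # world-writable
    print("/var/log:", check_log_file("/var/log/messages"))
```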

