Bug 680799 - logrotate: Improper administration of log files located in world-writable directories
Product: Security Response
Classification: Other
Component: vulnerability
Hardware: All, OS: Linux
Priority: high, Severity: high
Assigned To: Red Hat Product Security
Reported: 2011-02-27 14:47 EST by Jan Lieskovsky
Modified: 2011-11-11 10:48 EST (History)
Doc Type: Bug Fix
Last Closed: 2011-03-11 01:37:34 EST

Attachments:
Adds "su" option (6.37 KB, patch), 2011-03-10 04:47 EST, Jan Kaluža

Description Jan Lieskovsky 2011-02-27 14:47:34 EST
A security flaw was found in the way the logrotate utility
performed administration of log files, located in group / world
writable directories. A local attacker could use this flaw
to disclose sensitive information, execute arbitrary code
or cause a denial of service, via unintended / unprivileged
later modifications of log file directory in question.

Different vulnerability than:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=680787 ,
[2] https://bugzilla.redhat.com/show_bug.cgi?id=680789 ,
[3] https://bugzilla.redhat.com/show_bug.cgi?id=680790 ,
[4] https://bugzilla.redhat.com/show_bug.cgi?id=680792 ,
[5] https://bugzilla.redhat.com/show_bug.cgi?id=680795 ,
[6] https://bugzilla.redhat.com/show_bug.cgi?id=680796 ,
[7] https://bugzilla.redhat.com/show_bug.cgi?id=680797 , and
[8] https://bugzilla.redhat.com/show_bug.cgi?id=680798 .
Comment 2 Jan Kaluža 2011-03-10 04:47:51 EST
Created attachment 483400
Adds "su" option

This patch adds a "su" option variable which can be used to tell logrotate to switch EUID/EGID to the specified user/group for rotation of a particular log set. We can't use setfsuid/setfsgid because it's Linux-specific and logrotate should also run on different POSIX systems.

With this patch, logrotate does not rotate logs in unsafe directories (world-writable directories or group-writable directories where the group is not "root"). It shows an error message and skips rotation of log files in an unsafe directory.
