Bug 736045 - logrotate has insufficient configuration syntax checking
Summary: logrotate has insufficient configuration syntax checking
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: logrotate
Version: 5.6
Hardware: All
OS: All
Target Milestone: rc
Assignee: Jan Kaluža
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks: 736053 736054
Reported: 2011-09-06 14:09 UTC by Matti Kurkela
Modified: 2013-04-12 20:54 UTC (History)

Fixed In Version: logrotate-3.7.4-13
Doc Type: Bug Fix
Doc Text:
Cause: Logrotate did not check for proper matching of brackets in config file. Consequence: This could lead to system files being removed because Logrotate didn't detect the config file error and didn't stop the rotation process for the particular config file. Fix: Logrotate now checks brackets presence and their matching. Result: Config file with bad syntax described above is skipped.
Clone Of:
: 736053
Environment:
Last Closed: 2012-06-04 09:51:35 UTC


Attachments
My email to logrotate-owner@fedoraproject.org (3.13 KB, message/rfc822)
2011-09-06 14:09 UTC, Matti Kurkela


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2012:0704 normal SHIPPED_LIVE logrotate bug fix and enhancement update 2012-06-04 13:50:04 UTC

Description Matti Kurkela 2011-09-06 14:09:40 UTC
Created attachment 521678
My email to logrotate-owner@fedoraproject.org

Description of problem:
Logrotate may inadvertently replace essential system files like /dev/null and /bin/kill with zero-length files if a single "{" character is omitted.

Version-Release number of selected component (if applicable):
logrotate-3.7.4 (according to logrotate changelog, still unfixed in logrotate-3.8.0, which is the current upstream version)

How reproducible:
always

Steps to Reproduce:
1. edit standard RHEL 5.6 /etc/logrotate.d/syslog configuration file, removing the "{" from the line that lists /var/log/secure and other syslog logfiles
2. run /etc/cron.daily/logrotate 

  
Actual results:
When "{" is missing, any valid filenames contained in the options block will be replaced with zero-length files, including /bin/kill, /var/run/[r]syslogd.pid, and /dev/null. 
Options that don't match to valid filenames will produce error messages, but logrotate will keep going.
The /var/lib/logrotate.state file will contain lines that indicate the "filenames" logrotate has attempted to rotate. (This will be useful in restoring the system to normal.)

Expected results:
Logrotate should detect an unexpected "}" character while parsing the configuration file, produce an error message about configuration file syntax error (e.g. "unexpected '}' in file %s line %d, possible missing '{' earlier"), and stop without rotating anything. Alternatively, ignoring the current included configuration file and/or all log files specified after the last valid { ... } block would be acceptable too.

Additional info:
I contacted Jan Kaluza (logrotate-owner@fedoraproject.org). Email attached. He agreed this should be fixed.

Comment 1 Jan Kaluža 2011-09-06 14:32:16 UTC
Thanks for the report. It's already fixed in the logrotate upstream repository and the patch ([1], [2]) can be backported.

[1] https://fedorahosted.org/logrotate/changeset/344
[2] https://fedorahosted.org/logrotate/changeset/345

Comment 4 Jan Kaluža 2012-05-15 09:32:43 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Cause: Logrotate did not check for proper matching of brackets in config file.

Consequence: This could lead to system files being removed because Logrotate didn't detect the config file error and didn't stop the rotation process for the particular config file.

Fix: Logrotate now checks brackets presence and their matching.

Result: Config file with bad syntax described above is skipped.
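
A pre-flight check in the spirit of the fix described above, as an added example (it is not logrotate's code and not the upstream patch): it reports an unmatched "}" or "{" in a configuration file before the file is deployed. The function name `check_braces`, the sample configuration and the treatment of comments and script sections are assumptions made for this illustration.

```python
import sys

# Directives whose body is shell text up to "endscript"; braces there are not block delimiters.
SCRIPT_STARTS = {"prerotate", "postrotate", "firstaction", "lastaction", "preremove"}

def check_braces(text, name="<config>"):
    """Return a list of error strings; an empty list means the braces pair up."""
    errors, open_line, in_script = [], None, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if in_script:                      # skip shell text until endscript
            in_script = line != "endscript"
            continue
        if line.startswith("#"):           # simplification: only whole-line comments
            continue
        first = line.split()[0] if line else ""
        if open_line is not None and first in SCRIPT_STARTS:
            in_script = True
            continue
        for ch in line:
            if ch == "{":
                if open_line is not None:
                    errors.append(f"{name}:{lineno}: unexpected '{{', block from line {open_line} still open")
                open_line = lineno
            elif ch == "}":
                if open_line is None:
                    errors.append(f"{name}:{lineno}: unexpected '}}', possible missing '{{' earlier")
                open_line = None
    if in_script:
        errors.append(f"{name}: script section without 'endscript'")
    if open_line is not None:
        errors.append(f"{name}: missing '}}' for block opened at line {open_line}")
    return errors

# Constructed sample modelled on the report (not the shipped RHEL file).
GOOD = """\
/var/log/messages /var/log/secure {
    sharedscripts
    postrotate
        /bin/kill -HUP "$(cat /var/run/syslogd.pid)" 2>/dev/null || { true; }
    endscript
}
"""
BROKEN = GOOD.replace(" {", "", 1)         # drop the "{" after the log file list

if __name__ == "__main__":
    for path in sys.argv[1:]:              # e.g. files under /etc/logrotate.d/
        with open(path) as fh:
            problems = check_braces(fh.read(), path)
        print("\n".join(problems) or f"{path}: ok")
```

Run against `BROKEN`, the check flags the closing brace on line 6, the same condition the report asks logrotate to treat as a syntax error.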

Comment 8 errata-xmlrpc 2012-06-04 09:51:35 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0704.html

