Created attachment 521678 [details] My email to logrotate-owner Description of problem: Logrotate may inadvertently replace essential system files like /dev/null and /bin/kill with zero-length files if a single "{" character is omitted. Version-Release number of selected component (if applicable): logrotate-3.7.4 (according to logrotate changelog, still unfixed in logrotate-3.8.0, which is the current upstream version) How reproducible: always Steps to Reproduce: 1. edit standard RHEL 5.6 /etc/logrotate.d/syslog configuration file, removing the "{" from the line that lists /var/log/secure and other syslog logfiles 2. run /etc/cron.daily/logrotate Actual results: When "{" is missing, any valid filenames contained in the options block will be replaced with zero-length files, including /bin/kill, /var/run/[r]syslogd.pid, and /dev/null. Options that don't match to valid filenames will produce error messages, but logrotate will keep going. The /var/lib/logrotate.state file will contain lines that indicate the "filenames" logrotate has attempted to rotate. (This will be useful in restoring the system to normal.) Expected results: Logrotate should detect an unexpected "}" character while parsing the configuration file, produce an error message about configuration file syntax error (e.g. "unexpected '}' in file %s line %d, possible missing '{' earlier"), and stop without rotating anything. Alternatively, ignoring the current included configuration file and/or all log files specified after the last valid { ... } block would be acceptable too. Additional info: I contacted Jan Kaluza (logrotate-owner). Email attached. He agreed this should be fixed.
Thanks for the report. It's already fixed in logrotate upstream repository and patch ([1] ,[2]) can be backported. [1] https://fedorahosted.org/logrotate/changeset/344 [2] https://fedorahosted.org/logrotate/changeset/345
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Cause: Logrotate did not check for proper matching of brackets in config file. Consequence: This could lead to system files being removed because Logrotate didn't detect the config file error and didn't stop the rotation process for the particular config file. Fix: Logrotate now checks brackets presence and their matching. Result: Config file with bad syntax described above is skipped.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0704.html