Bug 73879 - RFE: make logrotate robust against terminal wildcards
Product: Red Hat Raw Hide
Classification: Retired
Component: logrotate
All Linux
medium Severity medium
Assigned To: Elliot Lee
Jay Turner
: FutureFeature
Reported: 2002-09-12 16:42 EDT by R P Herrold
Modified: 2015-01-07 19:00 EST
Doc Type: Enhancement
Last Closed: 2002-12-02 13:52:11 EST
Description R P Herrold 2002-09-12 16:42:35 EDT
Description of Problem:

logrotate is too fragile, in facilitating Denial of Service (inode depletion
forkbombs) when used with a globbing of [\*]$ in an entry

Version-Release number of selected component (if applicable):

all recent

How Reproducible:

- samba, mgetty, mailman
have ALL suffered from this in recent years when a packager who does not
understand the danger of ending a rotate argument with [\*]$ builds a
/etc/logrotate.d/ entry

Additional Information:
The requested enhancement is straightforward -- add code in the globbing section
expansion loopwalk, thus:

   | grep -v '[\*][0-9z]$' 

which will cause it to ignore prior rotated logfiles, both compressed and

We do this in several other contexts already -- ignoring *.rpm{new|orig|etc} in
/etc/rc.d/init.d and in /etc/sysconfig/network-scripts ignoring *~ entries. 
This is making the system robust against careless packaging, which _keeps_

-- Russ Herrold
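
An added example, not part of the original report or of logrotate itself: a Python check that flags drop-in entries whose path pattern ends in `*` and shows which of the names it matches are earlier rotations. The sample stanza, the file names and the digit-or-`z` suffix test are constructed assumptions.

```python
import fnmatch
import re

# Constructed drop-in entry and directory listing; not from any real package.
SAMPLE_CONF = """\
/var/log/demo/*.log /var/log/demo/daemon* {
    weekly
    rotate 4
    compress
}
"""
NAMES = ["/var/log/demo/" + n for n in (
    "daemon", "daemon.1", "daemon.1.1", "daemon.2.gz", "app.log", "app.log.1",
)]

# Assumption: a name ending in a digit or 'z' (".1", ".2.gz") is an earlier
# rotation, which is the intent of the filter requested in the report.
ROTATED = re.compile(r"[0-9z]$")


def log_patterns(conf_text):
    """Return the path patterns that precede each '{' in a drop-in file."""
    patterns, pending, in_block = [], [], False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]  # drop comments
        for tok in line.replace("{", " { ").replace("}", " } ").split():
            if tok == "{":
                patterns.extend(pending)
                pending, in_block = [], True
            elif tok == "}":
                in_block = False
            elif not in_block and tok.startswith("/"):
                pending.append(tok)
    return patterns


def terminal_wildcards(conf_text):
    """Patterns ending in '*', the case the report warns about."""
    return [p for p in log_patterns(conf_text) if p.endswith("*")]


def split_matches(pattern, names):
    """Split the names a pattern matches into (live logs, earlier rotations)."""
    hits = [n for n in names if fnmatch.fnmatchcase(n, pattern)]
    return ([n for n in hits if not ROTATED.search(n)],
            [n for n in hits if ROTATED.search(n)])
```

With the constructed listing, `daemon*` picks up three earlier rotations alongside the one live log, while `*.log` matches only `app.log`.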
Comment 1 R P Herrold 2002-12-02 13:52:03 EST
ouch -- just got done deleting 120K empty logrotate inodes used (uselessly) on a
production host.

Any word on this one?
Comment 2 Elliot Lee 2002-12-10 14:52:08 EST
The packages mentioned have been fixed (using wildcards like that is just plain bad). I 
can't promise a fix in logrotate, but if someone comes up with a patch, I'll look at it.
