Bug 73879 - RFE: make logrotate robust against terminal wildcards
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: logrotate
Version: 1.0
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assignee: Elliot Lee
QA Contact: Jay Turner
Reported: 2002-09-12 20:42 UTC by R P Herrold
Modified: 2015-01-08 00:00 UTC (History)
Last Closed: 2002-12-02 18:52:11 UTC

Description R P Herrold 2002-09-12 20:42:35 UTC
Description of Problem:

logrotate is too fragile, in facilitating Denial of Service (inode depletion
forkbombs) when used with a globbing of [\*]$ in an entry

Version-Release number of selected component (if applicable):

all recent

How Reproducible:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=68917
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=68422
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=68096

- samba, mgetty, mailman
have ALL suffered from this in recent years when a packager who does not
understand the danger of ending a rotate argument with [\*]$ builds a
/etc/logrotate.d/ entry

Additional Information:
	
The requested enhancement is straightforward -- add code in the globbing section
expansion loopwalk, thus:

   | grep -v '[\*][0-9z]$' 

which will cause it to ignore prior rotated logfiles, both compressed and
uncompressed.

We do this in several other contexts already -- ignoring *.rpm{new|orig|etc} in
/etc/rc.d/init.d and in /etc/sysconfig/network-scripts ignoring *~ entries. 
This is making the system robust against careless packaging, which _keeps_
happening.

-- Russ Herrold
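
An added example, not part of the original report and not logrotate's own code: a shell audit that flags stanza patterns ending in a bare `*` in logrotate config files, together with the filter proposed above, read here as "skip names whose last character is a digit or z". The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not logrotate code): audit logrotate configuration for
# log path patterns that end in a bare '*'.

# Print "file:line: pattern" for each stanza pattern ending in '*'.
find_terminal_wildcards() {
    awk '
        /^[ \t]*#/ { next }                      # comment line
        depth == 0 {                             # outside any { } stanza body
            line = $0
            sub(/[{].*/, "", line)               # keep only the pattern list
            n = split(line, pat, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (pat[i] ~ /^\/.*\*$/)         # absolute path ending in *
                    printf "%s:%d: %s\n", FILENAME, FNR, pat[i]
        }
        /[{]/ { depth++ }
        /[}]/ { depth-- }
    ' "$@"
}

# The report's proposed filter, read here as "skip names whose last character
# is a digit or z" (foo.log.1, foo.log.1.gz). Reads one name per line on stdin.
# Assumption: a live log whose own name ends in a digit or z is skipped too.
filter_rotated() {
    grep -v '[0-9z]$' || true    # grep exits 1 when every name is filtered
}

# Constructed sample config: one risky stanza, one safe one.
write_sample() {
    cat > "$1" <<'EOF'
# constructed example, not from any real package
/var/log/exampled/* {
    weekly
    rotate 4
}
/var/log/exampled2/*.log /var/log/other.log {
    compress
}
EOF
}

sample=$(mktemp)
write_sample "$sample"
find_terminal_wildcards "$sample"    # flags only line 2 of the sample
rm -f "$sample"
```

On a host, `find_terminal_wildcards /etc/logrotate.conf /etc/logrotate.d/*` lists the entries worth reviewing.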

Comment 1 R P Herrold 2002-12-02 18:52:03 UTC
ouch -- just got done deleting 120K empty logrotate inodes used (uselessly) on a
production host.

Any word on this one?

Comment 2 Elliot Lee 2002-12-10 19:52:08 UTC
The packages mentioned have been fixed (using wildcards like that is just plain bad). I 
can't promise a fix in logrotate, but if someone comes up with a patch, I'll look at it.

