Mailinglist Archive: opensuse-security (193 mails)
| < Previous | Next > |
Re: [suse-security] logrotate - rotate to a information leak?
- From: Sven 'Darkman' Michels <sven@xxxxxxxxxx>
- Date: Tue, 05 Jul 2005 18:20:57 +0200
- Message-id: <42CAB369.4010704@xxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Philippe Vogel wrote:
| Isn't there a way over /etc/permissions.*?
possible, but we don't want work arounds if its supposed
to work otherwise ;)
| Other way is to do the following _without_ prerotate or postrotate:
|
| /etc/logrotate.d/xyz-service
|
| /var/log/xyz-log {
| [...]
| create 0600 user group
| rotate 1
| [...]
| }
|
| Somehow this behaviour (chmod 0600 for logfiles) is default within
| debian 3.x ;)
this is not the problem, the problem is a simple bug in the
suse(?) package of logrotate, create is only applied to the
new opened logfile, not to the archives.
Regards,
Sven
PS: thanks Marcus and Kevin Ivory for your informations!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQFCyrNoQoCguWUBzBwRAgo3AKCRgPECF5x40rGXpqf2JH6NqnilKgCfU97T
T57m3q5hW7gCmgZ7I0FI2e0=
=ttmq
-----END PGP SIGNATURE-----
Hash: SHA1
Philippe Vogel wrote:
| Isn't there a way over /etc/permissions.*?
possible, but we don't want work arounds if its supposed
to work otherwise ;)
| Other way is to do the following _without_ prerotate or postrotate:
|
| /etc/logrotate.d/xyz-service
|
| /var/log/xyz-log {
| [...]
| create 0600 user group
| rotate 1
| [...]
| }
|
| Somehow this behaviour (chmod 0600 for logfiles) is default within
| debian 3.x ;)
this is not the problem, the problem is a simple bug in the
suse(?) package of logrotate, create is only applied to the
new opened logfile, not to the archives.
Regards,
Sven
PS: thanks Marcus and Kevin Ivory for your informations!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQFCyrNoQoCguWUBzBwRAgo3AKCRgPECF5x40rGXpqf2JH6NqnilKgCfU97T
T57m3q5hW7gCmgZ7I0FI2e0=
=ttmq
-----END PGP SIGNATURE-----
| < Previous | Next > |