diff --git a/nagios/base/logging.c b/nagios/base/logging.c index aa875e9..86f2019 100644 --- a/nagios/base/logging.c +++ b/nagios/base/logging.c @@ -160,6 +160,8 @@ int write_to_all_logs_with_timestamp(char *buffer, unsigned long data_type, time int write_to_log(char *buffer, unsigned long data_type, time_t *timestamp){ FILE *fp=NULL; time_t log_time=0L; + int fh; + struct stat st; if(buffer==NULL) return ERROR; @@ -172,7 +174,26 @@ int write_to_log(char *buffer, unsigned long data_type, time_t *timestamp){ if(!(data_type & logging_options)) return OK; - fp=fopen(log_file,"a+"); + fh = open(log_file, O_RDWR|O_APPEND|O_CREAT|O_NOFOLLOW, S_IRUSR|S_IWUSR); + + if (fh != -1) { + if ((fstat(fh, &st)) == -1) { + close(fh); + if (daemon_mode == FALSE) + printf("Warning: Cannot fstat log file '%s'\n", log_file); + return NULL; + } + if (st.st_nlink != 1 || (st.st_mode & S_IFMT) != S_IFREG) { + close(fh); + if (daemon_mode == FALSE) + printf("Warning: log file '%s' has an invalid mode\n", log_file); + return NULL; + } + } + + if (fh != -1) + fp=fdopen(fh,"a+"); + if(fp==NULL){ if(daemon_mode==FALSE) printf("Warning: Cannot open log file '%s' for writing\n",log_file); @@ -445,6 +466,8 @@ int write_log_file_info(time_t *timestamp){ /* opens the debug log for writing */ int open_debug_log(void){ + int fh; + struct stat st; /* don't do anything if we're not actually running... */ if(verify_config==TRUE || test_scheduling==TRUE) @@ -454,7 +477,19 @@ int open_debug_log(void){ if(debug_level==DEBUGL_NONE) return OK; - if((debug_file_fp=fopen(debug_file,"a+"))==NULL) + if ((fh = open(debug_file, O_RDWR|O_APPEND|O_CREAT|O_NOFOLLOW, S_IRUSR|S_IWUSR)) == -1) + return ERROR; + + if ((fstat(fh, &st)) == -1) { + close(fh); + return ERROR; + } + if (st.st_nlink != 1 || (st.st_mode & S_IFMT) != S_IFREG) { + close(fh); + return ERROR; + } + + if((debug_file_fp=fdopen(fh,"a+"))==NULL) return ERROR; return OK;