Пакет: logrotate


Патч: 0003-ALT-insecure-permissions.patch


From 0caff0a074445b8a10050e336fdf9de3b11a6150 Mon Sep 17 00:00:00 2001
From: Alexey Gladkov <legion@altlinux.org>
Date: Sat, 25 Apr 2020 18:01:50 +0300
Subject: ALT: insecure permissions
Signed-off-by: Alexey Gladkov <legion@altlinux.org>
---
 logrotate.c | 36 ++++++++++++++++++++++++++++++------
 1 file changed, 30 insertions(+), 6 deletions(-)
diff --git a/logrotate.c b/logrotate.c
index 27a864a..24cce46 100644
--- a/logrotate.c
+++ b/logrotate.c
@@ -1376,13 +1376,37 @@ static int findNeedRotating(const struct logInfo *log, unsigned logNum, int forc
             free(logpath);
             return 0;
         }
-        /* Don't rotate in directories writable by others or group which is not "root"  */
-        if ((sb.st_gid != 0 && (sb.st_mode & S_IWGRP)) || (sb.st_mode & S_IWOTH)) {
-            message(MESS_ERROR, "skipping \"%s\" because parent directory has insecure permissions"
-                    " (It's world writable or writable by group which is not \"root\")"
-                    " Set \"su\" directive in config file to tell logrotate which user/group"
+        /* Don't rotate in insecure directories. */
+        if (sb.st_uid != 0) {
+            message(MESS_ERROR, "skipping \"%s\" because parent"
+                    " directory has insecure permissions"
+                    " (it's not owned by \"root\");"
+                    " consider using \"su\" directive in config"
+                    " file to tell logrotate which user/group"
                     " should be used for rotation.\n"
-                    ,log->files[logNum]);
+                    , log->files[logNum]);
+            free(logpath);
+            return 1;
+        }
+        if (sb.st_mode & S_IWGRP && !(sb.st_mode & S_ISVTX)) {
+            message(MESS_ERROR, "skipping \"%s\" because parent"
+                    " directory has insecure permissions"
+                    " (it's group writable and has no sticky bit set);"
+                    " consider using \"su\" directive in config"
+                    " file to tell logrotate which user/group"
+                    " should be used for rotation.\n"
+                    , log->files[logNum]);
+            free(logpath);
+            return 1;
+        }
+        if (sb.st_mode & S_IWOTH) {
+            message(MESS_ERROR, "skipping \"%s\" because parent"
+                    " directory has insecure permissions"
+                    " (it's writable by others);"
+                    " consider using \"su\" directive in config"
+                    " file to tell logrotate which user/group"
+                    " should be used for rotation.\n"
+                    , log->files[logNum]);
             free(logpath);
             return 1;
         }
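Review bot: The second check, `sb.st_mode & S_IWGRP && !(sb.st_mode & S_ISVTX)`, accepts a group-writable parent directory for any owning group as long as the sticky bit is set, so the removed `sb.st_gid != 0` test has no equivalent on the new side. The sticky bit only restricts renaming and unlinking of entries owned by someone else; it does not stop members of that group from creating new entries in a directory where logrotate, presumably running as root when no "su" directive is given, then creates and renames files. If that trust in a non-root group is not intended, keep the group test, e.g. `if ((sb.st_mode & S_IWGRP) && (sb.st_gid != 0 || !(sb.st_mode & S_ISVTX))) {`; if it is intended, say so in the comment, e.g. `/* Group-writable is accepted only with the sticky bit; members of the group are trusted to create entries here. */`. findNeedRotating starts before and continues after this hunk, so how `sb` is obtained and whether the "su" case skips these checks cannot be confirmed from here.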
-- 
2.25.4
 