Репозитории ALT
S: | 3.20.1-alt2 |
5.1: | 3.7.9-alt0.M51.1 |
4.1: | 3.6.2-alt4 |
4.0: | 3.6.2-alt4 |
3.0: | 3.6.2-alt3 |
Группа :: Работа с файлами
Пакет: logrotate
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: 0003-ALT-insecure-permissions.patch
Скачать
Скачать
From 0caff0a074445b8a10050e336fdf9de3b11a6150 Mon Sep 17 00:00:00 2001
From: Alexey Gladkov <legion@altlinux.org>
Date: Sat, 25 Apr 2020 18:01:50 +0300
Subject: ALT: insecure permissions
Signed-off-by: Alexey Gladkov <legion@altlinux.org>
---
logrotate.c | 36 ++++++++++++++++++++++++++++++------
1 file changed, 30 insertions(+), 6 deletions(-)
diff --git a/logrotate.c b/logrotate.c
index 27a864a..24cce46 100644
--- a/logrotate.c
+++ b/logrotate.c
@@ -1376,13 +1376,37 @@ static int findNeedRotating(const struct logInfo *log, unsigned logNum, int forc
free(logpath);
return 0;
}
- /* Don't rotate in directories writable by others or group which is not "root" */
- if ((sb.st_gid != 0 && (sb.st_mode & S_IWGRP)) || (sb.st_mode & S_IWOTH)) {
- message(MESS_ERROR, "skipping \"%s\" because parent directory has insecure permissions"
- " (It's world writable or writable by group which is not \"root\")"
- " Set \"su\" directive in config file to tell logrotate which user/group"
+ /* Don't rotate in insecure directories. */
+ if (sb.st_uid != 0) {
+ message(MESS_ERROR, "skipping \"%s\" because parent"
+ " directory has insecure permissions"
+ " (it's not owned by \"root\");"
+ " consider using \"su\" directive in config"
+ " file to tell logrotate which user/group"
" should be used for rotation.\n"
- ,log->files[logNum]);
+ , log->files[logNum]);
+ free(logpath);
+ return 1;
+ }
+ if (sb.st_mode & S_IWGRP && !(sb.st_mode & S_ISVTX)) {
+ message(MESS_ERROR, "skipping \"%s\" because parent"
+ " directory has insecure permissions"
+ " (it's group writable and has no sticky bit set);"
+ " consider using \"su\" directive in config"
+ " file to tell logrotate which user/group"
+ " should be used for rotation.\n"
+ , log->files[logNum]);
+ free(logpath);
+ return 1;
+ }
+ if (sb.st_mode & S_IWOTH) {
+ message(MESS_ERROR, "skipping \"%s\" because parent"
+ " directory has insecure permissions"
+ " (it's writable by others);"
+ " consider using \"su\" directive in config"
+ " file to tell logrotate which user/group"
+ " should be used for rotation.\n"
+ , log->files[logNum]);
free(logpath);
return 1;
}
--
2.25.4