Date: Mon, 7 Mar 2011 12:54:19 +0000
From: Paul Martin <>
To: Jan Kaluža <>
Cc: Solar Designer <>,,
	"Steven M. Christey" <>,
	Stefan Fritsch <>, Florian Zumbiehl <>,
	Petr Uzel <>, Thomas Biege <>
Subject: Re: CVE Request -- logrotate -- nine issues

On Mon, Mar 07, 2011 at 01:21:05PM +0100, Jan Kaluža wrote:

> I think logrotate should skip rotation of files in unsafe
> directories and show an error message instead. Logrotate should also
> contain something like a "--force" switch (this name is already used,
> so we have to find a better one, but I don't have anything better in
> mind just now). With this switch logrotate should *not* skip unsafe
> directories and rotate them as it currently does, but show the error
> message. Basically it allows backward compatibility.

"--override-unsafe-directory-check" perhaps?  Make it a long option,
so that there is no doubt that the user is doing something that's
potentially dangerous.

(I am following this discussion with great interest.)

Paul Martin <>
