Debian Bug report logs - #388608
logrotate: Creation of files has race condition that could allow unintended file access

Package: logrotate; Maintainer for logrotate is Paul Martin <pm@debian.org>; Source for logrotate is src:logrotate.

Reported by: Florian Zumbiehl <florz@gmx.de>

Date: Thu, 21 Sep 2006 14:48:02 UTC

Severity: important

Tags: lenny, security

Merged with 606541, 606543, 606544, 606545, 606547, 606548, 606549, 606551, 606552, 606553, 606554, 606555, 606560, 606561, 606562, 606563, 606566, 606567, 606568, 606569, 606570, 606571, 606572, 606573, 606580, 606581, 606582, 606583, 606584, 606585, 606586, 606587, 606595, 606596, 606597, 606598, 606599, 606600, 606601, 606602, 606608, 606609

Found in versions 3.7.1.5, logrotate/3.7-5

Fixed in versions logrotate/3.7.8-2, logrotate/3.7.8-4, aolserver4/4.5.1-15

Done: Francesco Paolo Lovergine <frankie@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Paul Martin <pm@debian.org>:
Bug#388608; Package logrotate. Full text and rfc822 format available.

Acknowledgement sent to Florian Zumbiehl <florz@gmx.de>:
New Bug report received and forwarded. Copy sent to Paul Martin <pm@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Florian Zumbiehl <florz@gmx.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: logrotate: Creation of files has race condition that could allow unintended file access
Date: Thu, 21 Sep 2006 15:35:39 +0200
Package: logrotate
Version: 3.7-5
Severity: important
Tags: security

In the code of logrotate there are multiple instances of code like the
following:

|    fstat(inFile, &sb);
|
|    if ((outFile = open(compressedName, O_RDWR | O_CREAT | O_TRUNC, sb.st_mode)) < 0) {
|        message(MESS_ERROR, "unable to open %s for compressed output\n",
|                compressedName);
|        close(inFile);
|        return 1;
|    }
|
|    if (fchown(outFile, sb.st_uid, sb.st_gid)) {
|        message(MESS_ERROR, "unable to change owner of output file %s\n",
|                compressedName);
|        close(inFile);
|        close(outFile);
|        return 1;
|    }

I'd argue that there is a race condition in there: If sb.st_mode
includes group permissions, this could (given the appropriate umask)
grant these permissions to the effective group of the creating process
in the moment of file creation.

As a user, I'd expect the "permission cloning" to happen in such a way
that it is guaranteed that access to the information contained in the log
file is always limited to what is specified by the log file's permissions.

In the default setup, this, of course, shouldn't be a problem, since
logrotate is run with an effective group of root, and any member of that
group will usually have access to the log files anyway. When logrotate
is used by normal users, though, this could be a security problem.

One possible solution would be to always create files with S_IRUSR|S_IWUSR
as the mode parameter to open and do a chmod to sb.st_mode after the
chown. I'm not sure, though, whether that would still leave problems
in some cases where an attacker could create the to-be-created file
beforehand and thus cause it to just be opened and truncated without
re-creation. The most-easily constructed scenario (directory writeable
by a user/group not allowed to read the log file) should be prevented by
the chown failing for a non-root logrotate process when trying to change
the owner of the destination file.

Unless anyone is sure that there are no problems left with this
solution (and for the sake of clarity maybe even then), I'd suggest
to instead unlink() the filename beforehand, then (re-)create it with
O_EXCL and mode of 0 (shouldn't cause any problems anymore, since
logrotate never will need to open it unless the later chmod has been
executed), then chown and then chmod the file to set the "cloned
permissions" (possibly obeying the current umask for backwards
compatibility, even though I do consider it rather counter-intuitive
that the umask is obeyed while cloning the permissions of one file onto
another).

The only case I can think of where this could cause problems is if
someone is currently creating the files before calling logrotate
in a place where logrotate would not be allowed to create them
itself. I somehow doubt, though, that anyone is doing that ...



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#388608; Package logrotate. Full text and rfc822 format available.

Acknowledgement sent to Paul Martin <pm@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #10 received at 388608@bugs.debian.org (full text, mbox):

From: Paul Martin <pm@debian.org>
To: Florian Zumbiehl <florz@gmx.de>, 388608@bugs.debian.org
Subject: Re: Bug#388608: logrotate: Creation of files has race condition that could allow unintended file access
Date: Thu, 21 Sep 2006 18:30:07 +0100
On Thu, Sep 21, 2006 at 03:35:39PM +0200, Florian Zumbiehl wrote:

> One possible solution would be to always create files with S_IRUSR|S_IWUSR
> as the mode parameter to open and do a chmod to sb.st_mode after the
> chown. I'm not sure, though, whether that would still leave problems
> in some cases where an attacker could create the to-be-created file
> beforehand and thus cause it to just be opened and truncated without
> re-creation. The most-easily constructed scenario (directory writeable
> by a user/group not allowed to read the log file) should be prevented by
> the chown failing for a non-root logrotate process when trying to change
> the owner of the destination file.

Surely in that case, the file couldn't be created in the first place.

> Unless anyone is sure that there are no problems left with this
> solution (and for the sake of clarity maybe even then), I'd suggest
> to instead unlink() the filename beforehand, then (re-)create it with
> O_EXCL and mode of 0 (shouldn't cause any problems anymore, since
> logrotate never will need to open it unless the later chmod has been
> executed), then chown and then chmod the file to set the "cloned
> permissions" (possibly obeying the current umask for backwards
> compatibility, even though I do consider it rather counter-intuitive
> that the umask is obeyed while cloning the permissions of one file onto
> another).

So, you're suggesting that the sequence should be:

unlink(file)
open(file,O_CREAT|O_EXCL|O_NOFOLLOW,0)  -- fails if file exists
close(file)
chown(file,user,group)
chmod(file,mode)

-- 
Paul Martin <pm@debian.org>



Information forwarded to debian-bugs-dist@lists.debian.org, Paul Martin <pm@debian.org>:
Bug#388608; Package logrotate. Full text and rfc822 format available.

Acknowledgement sent to Florian Zumbiehl <florz@gmx.de>:
Extra info received and forwarded to list. Copy sent to Paul Martin <pm@debian.org>. Full text and rfc822 format available.

Message #15 received at 388608@bugs.debian.org (full text, mbox):

From: Florian Zumbiehl <florz@gmx.de>
To: Paul Martin <pm@debian.org>
Cc: 388608@bugs.debian.org
Subject: Re: Bug#388608: logrotate: Creation of files has race condition that could allow unintended file access
Date: Thu, 21 Sep 2006 21:14:42 +0200
Hi,

> > One possible solution would be to always create files with S_IRUSR|S_IWUSR
> > as the mode parameter to open and do a chmod to sb.st_mode after the
> > chown. I'm not sure, though, whether that would still leave problems
> > in some cases where an attacker could create the to-be-created file
> > beforehand and thus cause it to just be opened and truncated without
> > re-creation. The most-easily constructed scenario (directory writeable
> > by a user/group not allowed to read the log file) should be prevented by
> > the chown failing for a non-root logrotate process when trying to change
> > the owner of the destination file.
> 
> Surely in that case, the file couldn't be created in the first place.

Why not? Directory owned by the user running logrotate and the group that's
not supposed to read the log, mode 0770, logfile owned by the same user and
mode 0700 - so, any member of said group could create a file there and
logrotate would open it and write all the valuable data to it - well,
were it not for the chown that would fail because the user running
logrotate would not be allowed to change the owner of a file not
belonging to him ...

> > Unless anyone is sure that there are no problems left with this
> > solution (and for the sake of clarity maybe even then), I'd suggest
> > to instead unlink() the filename beforehand, then (re-)create it with
> > O_EXCL and mode of 0 (shouldn't cause any problems anymore, since
> > logrotate never will need to open it unless the later chmod has been
> > executed), then chown and then chmod the file to set the "cloned
> > permissions" (possibly obeying the current umask for backwards
> > compatibility, even though I do consider it rather counter-intuitive
> > that the umask is obeyed while cloning the permissions of one file onto
> > another).
> 
> So, you're suggesting that the sequence should be:
> 
> unlink(file)
> open(file,O_CREAT|O_EXCL|O_NOFOLLOW,0)  -- fails if file exists

I don't see any need for the O_NOFOLLOW!? O_EXCL already causes open()
to fail on a symbolic link ...

> close(file)
> chown(file,user,group)
> chmod(file,mode)

Erm, no, of course, fchown() and fchmod() should still be used in order
to avoid race conditions there.

I find it a bit difficult to judge whether this would be "secure", as
the intended usage scenarios aren't completely clear to me. If you
consider, for example, a destination directory that is below a globally
writable directory, any user could rename that former directory and
then re-create one with the original name in which he would be able
to delete rotated files. Is that a problem? *shrug* :-)

At least the "usual" setups where the destination directory itself
is accessible by more than just the user running logrotate and root,
but where the object named by that directory's path cannot be changed
by anyone "untrusted", and where this is all on a local filesystem,
and where there are no ACLs involved, this should prevent any
log contents to be leaked or to be manipulated.

Oh, and BTW, I'd be willing to create a patch, given that I do know
what the patch should fix ;-)

In particular, one question that still would be needed to be answered
is whether the current umask should have any effect on the permissions
of created files, as it currently does (partially).

Florian
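
Added example (not part of the original thread and not logrotate's code): the creation pattern quoted in the report next to the unlink / O_EXCL open with mode 0 / fchown / fchmod sequence worked out in the messages above, recording the permission bits that exist between open() and fchown(). The temporary paths, the 0660 source mode, the 027 umask and all function names are constructed for the demonstration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

struct result {
    mode_t window; /* permission bits right after open(), before fchown() */
    mode_t final;  /* permission bits when the create function returns */
};

static mode_t perms(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? (mode_t)(st.st_mode & 07777) : (mode_t)-1;
}

/* The pattern quoted in the report: source mode handed straight to open(). */
static int create_racy(const char *name, const struct stat *sb, struct result *r)
{
    int fd = open(name, O_RDWR | O_CREAT | O_TRUNC, sb->st_mode);
    if (fd < 0) return -1;
    r->window = perms(fd);      /* already (mode & ~umask), creator's uid/gid */
    if (fchown(fd, sb->st_uid, sb->st_gid)) {
        close(fd);
        return -1;
    }
    r->final = perms(fd);
    return fd;
}

/* Sequence from the thread: unlink, exclusive create with mode 0, fchown, fchmod. */
static int create_hardened(const char *name, const struct stat *sb, struct result *r)
{
    if (unlink(name) != 0 && errno != ENOENT) return -1;
    int fd = open(name, O_RDWR | O_CREAT | O_EXCL, 0);
    if (fd < 0) return -1;      /* EEXIST: something reappeared at this name */
    r->window = perms(fd);      /* no permission bits granted yet */
    /* fchmod() is not filtered by the umask, unlike the mode given to open() */
    if (fchown(fd, sb->st_uid, sb->st_gid) || fchmod(fd, sb->st_mode & 07777)) {
        close(fd);
        return -1;
    }
    r->final = perms(fd);
    return fd;
}

/* Constructed scenario: source log with mode 0660, process umask 027. */
int run_demo(int hardened, struct result *r)
{
    char dir[] = "/tmp/lr388608-XXXXXX", src[64], dst[64];
    struct stat sb;
    int in, out = -1;
    mode_t old;
    if (!mkdtemp(dir)) return -1;
    old = umask(027);
    snprintf(src, sizeof src, "%s/app.log", dir);
    snprintf(dst, sizeof dst, "%s/app.log.1.gz", dir);
    in = open(src, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (in >= 0 && fchmod(in, 0660) == 0 && fstat(in, &sb) == 0)
        out = hardened ? create_hardened(dst, &sb, r) : create_racy(dst, &sb, r);
    if (in >= 0) close(in);
    if (out >= 0) close(out);
    unlink(dst);
    unlink(src);
    rmdir(dir);
    umask(old);
    return out >= 0 ? 0 : -1;
}

/* Returns 1 when O_CREAT|O_EXCL refuses a name that is a (dangling) symlink. */
int excl_refuses_symlink(void)
{
    char dir[] = "/tmp/lr388608-XXXXXX", path[64];
    int fd, refused;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/app.log.1.gz", dir);
    if (symlink("/nonexistent/target", path) != 0) {   /* constructed target */
        rmdir(dir);
        return -1;
    }
    fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0);
    refused = (fd < 0 && errno == EEXIST);
    if (fd >= 0) close(fd);
    unlink(path);
    rmdir(dir);
    return refused;
}

int main(void)
{
    struct result a = {0, 0}, b = {0, 0};
    if (run_demo(0, &a) || run_demo(1, &b))
        return 1;
    printf("racy     window %04o final %04o\n", (unsigned)a.window, (unsigned)a.final);
    printf("hardened window %04o final %04o\n", (unsigned)b.window, (unsigned)b.final);
    return excl_refuses_symlink() == 1 ? 0 : 1;
}
```

With these inputs the first variant is group-readable (0640) from the moment of creation and never reaches the source's 0660, while the second starts at 0000 and ends at 0660.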



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#388608; Package logrotate. Full text and rfc822 format available.

Acknowledgement sent to Paul Martin <pm@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #20 received at 388608@bugs.debian.org (full text, mbox):

From: Paul Martin <pm@debian.org>
To: Florian Zumbiehl <florz@gmx.de>, 388608@bugs.debian.org
Subject: Re: Bug#388608: logrotate: Creation of files has race condition that could allow unintended file access
Date: Fri, 22 Sep 2006 09:49:13 +0100
On Thu, Sep 21, 2006 at 09:14:42PM +0200, Florian Zumbiehl wrote:

> In particular, one question that still would be needed to be answered
> is whether the current umask should have any effect on the permissions
> of created files, as it currently does (partially).

The created file in this instance is a compressed version of the 
original file, with the same permissions and ownership.

A patch would be most welcome.

-- 
Paul Martin <pm@debian.org>



Information forwarded to debian-bugs-dist@lists.debian.org, Paul Martin <pm@debian.org>:
Bug#388608; Package logrotate. Full text and rfc822 format available.

Acknowledgement sent to Florian Zumbiehl <florz@gmx.de>:
Extra info received and forwarded to list. Copy sent to Paul Martin <pm@debian.org>. Full text and rfc822 format available.

Message #25 received at 388608@bugs.debian.org (full text, mbox):

From: Florian Zumbiehl <florz@gmx.de>
To: Paul Martin <pm@debian.org>
Cc: 388608@bugs.debian.org
Subject: Re: Bug#388608: logrotate: Creation of files has race condition that could allow unintended file access
Date: Fri, 22 Sep 2006 17:28:39 +0200
Hi,

> > In particular, one question that still would be needed to be answered
> > is whether the current umask should have any effect on the permissions
> > of created files, as it currently does (partially).
> 
> The created file in this instance is a compressed version of the 
> original file, with the same permissions and ownership.

In particular in that very case, it is not, at least not in Sarge. The
mode of the source file is "applied" to the destination file in the open()
call only, and that is affected by the current umask.

I guess this should stay backwards-compatible?!

> A patch would be most welcome.

Attached you find a patch for 3.7. It's untested, though. I don't have
any clue what that SE-Linux stuff does, so the changes might be wrong
with regard to that ...

Florian
[logrotate-3.7-secure-filecreation.diff (text/plain, attachment)]

Reply sent to Paul Martin <pm@debian.org>:
You have taken responsibility. (Tue, 04 Aug 2009 16:03:23 GMT) Full text and rfc822 format available.

Notification sent to Florian Zumbiehl <florz@gmx.de>:
Bug acknowledged by developer. (Tue, 04 Aug 2009 16:03:23 GMT) Full text and rfc822 format available.

Message #30 received at 388608-close@bugs.debian.org (full text, mbox):

From: Paul Martin <pm@debian.org>
To: 388608-close@bugs.debian.org
Subject: Bug#388608: fixed in logrotate 3.7.8-1
Date: Tue, 04 Aug 2009 15:51:30 +0000
Source: logrotate
Source-Version: 3.7.8-1

We believe that the bug you reported is fixed in the latest version of
logrotate, which is due to be installed in the Debian FTP archive:

logrotate_3.7.8-1.diff.gz
  to pool/main/l/logrotate/logrotate_3.7.8-1.diff.gz
logrotate_3.7.8-1.dsc
  to pool/main/l/logrotate/logrotate_3.7.8-1.dsc
logrotate_3.7.8-1_i386.deb
  to pool/main/l/logrotate/logrotate_3.7.8-1_i386.deb
logrotate_3.7.8.orig.tar.gz
  to pool/main/l/logrotate/logrotate_3.7.8.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 388608@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Paul Martin <pm@debian.org> (supplier of updated logrotate package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Tue, 04 Aug 2009 15:18:18 +0100
Source: logrotate
Binary: logrotate
Architecture: source i386
Version: 3.7.8-1
Distribution: experimental
Urgency: low
Maintainer: Paul Martin <pm@debian.org>
Changed-By: Paul Martin <pm@debian.org>
Description: 
 logrotate  - Log rotation utility
Closes: 388608 484762 519432
Changes: 
 logrotate (3.7.8-1) experimental; urgency=low
 .
   * New upstream release:
     - do not exit on status file errors
     - limit config file inclusion nesting
     - use hashes for status file handling (patch by Petr Tesarik
       <ptesarik@suse.cz> and Leonardo Chiquitto)
     - dateformat to allow unixtime (patch by Sami Kerola <kerolasa@iki.fi>)
   * Upstream has taken some of our patches:
     - manpage.patch: partial uptake, updated
     - man-189243.patch: fully applied upstream
     - man-sizetypo.patch: fully applied upstream
     - man-overriden.patch: fully applied upstream
   * Added a watch file (but upstream has a redirect to https).
   * Upstream has also fixed createOutputFile to be more secure
     (Closes: #388608)
   * New Debian patch:
     + sharedscripts-519432.patch: Prerotate and postrotate scripts get the
       list of rotated files passed to them as arguments. (Closes: #519432)
     + chown-484762.patch: If running as non-root, warn but don't abort if
       we can't chown the compressed log file. (Closes: #484762)
   * Update Standards-Version to 3.8.2. (No changes)





Bug No longer marked as fixed in versions logrotate/3.7.8-1 and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 04 Aug 2009 17:06:13 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Paul Martin <pm@debian.org>:
Bug#388608; Package logrotate. (Tue, 04 Aug 2009 17:18:11 GMT) Full text and rfc822 format available.

Acknowledgement sent to Florian Zumbiehl <florz@gmx.de>:
Extra info received and forwarded to list. Copy sent to Paul Martin <pm@debian.org>. (Tue, 04 Aug 2009 17:18:11 GMT) Full text and rfc822 format available.

Message #37 received at 388608@bugs.debian.org (full text, mbox):

From: Florian Zumbiehl <florz@gmx.de>
To: 388608@bugs.debian.org
Subject: Re: Bug#388608 closed by Paul Martin <pm@debian.org> (Bug#388608: fixed in logrotate 3.7.8-1)
Date: Tue, 4 Aug 2009 19:14:21 +0200
>    * Upstream has also fixed createOutputFile to be more secure
>      (Closes: #388608)

Whatever supposedly has been made "more secure" there, this bug rather
obviously hasn't been fixed.




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#388608; Package logrotate. (Tue, 04 Aug 2009 18:15:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Paul Martin <pm@debian.org>:
Extra info received and forwarded to list. (Tue, 04 Aug 2009 18:15:09 GMT) Full text and rfc822 format available.

Message #42 received at 388608@bugs.debian.org (full text, mbox):

From: Paul Martin <pm@debian.org>
To: Florian Zumbiehl <florz@gmx.de>, 388608@bugs.debian.org
Subject: Re: Bug#388608: closed by Paul Martin <pm@debian.org> (Bug#388608: fixed in logrotate 3.7.8-1)
Date: Tue, 4 Aug 2009 19:06:37 +0100
On Tue, Aug 04, 2009 at 07:14:21PM +0200, Florian Zumbiehl wrote:
> >    * Upstream has also fixed createOutputFile to be more secure
> >      (Closes: #388608)
> 
> Whatever supposedly has been made "more secure" there, this bug rather
> obviously hasn't been fixed.

Did you read the source?

It's been changed to do:

open()
chmod(restricted)
chown()
chmod(intended)

which does fix the bug, I believe.

-- 
Paul Martin <pm@debian.org>




Information forwarded to debian-bugs-dist@lists.debian.org, Paul Martin <pm@debian.org>:
Bug#388608; Package logrotate. (Tue, 04 Aug 2009 18:30:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Florian Zumbiehl <florz@gmx.de>:
Extra info received and forwarded to list. Copy sent to Paul Martin <pm@debian.org>. (Tue, 04 Aug 2009 18:30:05 GMT) Full text and rfc822 format available.

Message #47 received at 388608@bugs.debian.org (full text, mbox):

From: Florian Zumbiehl <florz@gmx.de>
To: Paul Martin <pm@debian.org>
Cc: 388608@bugs.debian.org
Subject: Re: Bug#388608: closed by Paul Martin <pm@debian.org> (Bug#388608: fixed in logrotate 3.7.8-1)
Date: Tue, 4 Aug 2009 20:26:39 +0200
Hi,

> On Tue, Aug 04, 2009 at 07:14:21PM +0200, Florian Zumbiehl wrote:
> > >    * Upstream has also fixed createOutputFile to be more secure
> > >      (Closes: #388608)
> > 
> > Whatever supposedly has been made "more secure" there, this bug rather
> > obviously hasn't been fixed.
> 
> Did you read the source?

Well, otherwise I probably wouldn't have reopened the bug?

> It's been changed to do:
> 
> open()
> chmod(restricted)
> chown()
> chmod(intended)
> 
> which does fix the bug, I believe.

To quote the first paragraph of my bug report:

| I'd argue that there is a race condition in there: If sb.st_mode
| includes group permissions, this could (given the appropriate umask)
| grant these permissions to the effective group of the creating process
| in the moment of file creation.

The old code:

| open(compressedName, O_RDWR | O_CREAT | O_TRUNC, sb.st_mode)

The new code:

| int createOutputFile(char *fileName, int flags, struct stat *sb)
[...]
| open(fileName, flags, sb->st_mode)
[...]
| createOutputFile(compressedName, O_RDWR | O_CREAT | O_TRUNC, sb)

Now, where is the semantic change that could possibly have fixed this bug?

Florian




Reply sent to Paul Martin <pm@debian.org>:
You have taken responsibility. (Tue, 04 Aug 2009 22:35:31 GMT) Full text and rfc822 format available.

Notification sent to Florian Zumbiehl <florz@gmx.de>:
Bug acknowledged by developer. (Tue, 04 Aug 2009 22:35:31 GMT) Full text and rfc822 format available.

Message #52 received at 388608-close@bugs.debian.org (full text, mbox):

From: Paul Martin <pm@debian.org>
To: 388608-close@bugs.debian.org
Subject: Bug#388608: fixed in logrotate 3.7.8-2
Date: Tue, 04 Aug 2009 22:07:37 +0000
Source: logrotate
Source-Version: 3.7.8-2

We believe that the bug you reported is fixed in the latest version of
logrotate, which is due to be installed in the Debian FTP archive:

logrotate_3.7.8-2.diff.gz
  to pool/main/l/logrotate/logrotate_3.7.8-2.diff.gz
logrotate_3.7.8-2.dsc
  to pool/main/l/logrotate/logrotate_3.7.8-2.dsc
logrotate_3.7.8-2_i386.deb
  to pool/main/l/logrotate/logrotate_3.7.8-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 388608@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Paul Martin <pm@debian.org> (supplier of updated logrotate package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Tue, 04 Aug 2009 21:16:03 +0100
Source: logrotate
Binary: logrotate
Architecture: source i386
Version: 3.7.8-2
Distribution: experimental
Urgency: low
Maintainer: Paul Martin <pm@debian.org>
Changed-By: Paul Martin <pm@debian.org>
Description: 
 logrotate  - Log rotation utility
Closes: 388608
Changes: 
 logrotate (3.7.8-2) experimental; urgency=low
 .
   * New patch:
     + create-388608.patch: Really squash the race condition for the
       creation of compressed log files and the creation of new ones.
       (Closes: 388608)





Reply sent to Paul Martin <pm@debian.org>:
You have taken responsibility. (Fri, 14 Aug 2009 22:51:08 GMT) Full text and rfc822 format available.

Notification sent to Florian Zumbiehl <florz@gmx.de>:
Bug acknowledged by developer. (Fri, 14 Aug 2009 22:51:08 GMT) Full text and rfc822 format available.

Message #57 received at 388608-close@bugs.debian.org (full text, mbox):

From: Paul Martin <pm@debian.org>
To: 388608-close@bugs.debian.org
Subject: Bug#388608: fixed in logrotate 3.7.8-4
Date: Fri, 14 Aug 2009 22:47:22 +0000
Source: logrotate
Source-Version: 3.7.8-4

We believe that the bug you reported is fixed in the latest version of
logrotate, which is due to be installed in the Debian FTP archive:

logrotate_3.7.8-4.diff.gz
  to pool/main/l/logrotate/logrotate_3.7.8-4.diff.gz
logrotate_3.7.8-4.dsc
  to pool/main/l/logrotate/logrotate_3.7.8-4.dsc
logrotate_3.7.8-4_i386.deb
  to pool/main/l/logrotate/logrotate_3.7.8-4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 388608@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Paul Martin <pm@debian.org> (supplier of updated logrotate package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Fri, 14 Aug 2009 23:22:04 +0100
Source: logrotate
Binary: logrotate
Architecture: source i386
Version: 3.7.8-4
Distribution: unstable
Urgency: high
Maintainer: Paul Martin <pm@debian.org>
Changed-By: Paul Martin <pm@debian.org>
Description: 
 logrotate  - Log rotation utility
Closes: 388608
Changes: 
 logrotate (3.7.8-4) unstable; urgency=high
 .
   * New patch:
     + security-388608.patch: A race condition in the creation of
       compressed and copied log files makes it possible to overwrite
       arbitrary files by generating a link or symlink during a window
       of opportunity between logrotate renaming a log file and creating
       the copy of the next. (Closes: #388608) Once again, many thanks to
       Florian Zumbiehl for forcing me to think.
   * Uploading to unstable.





Information forwarded to debian-bugs-dist@lists.debian.org, Paul Martin <pm@debian.org>:
Bug#388608; Package logrotate. (Fri, 10 Dec 2010 10:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Holger Levsen <holger@layer-acht.org>:
Extra info received and forwarded to list. Copy sent to Paul Martin <pm@debian.org>. (Fri, 10 Dec 2010 10:33:03 GMT) Full text and rfc822 format available.

Message #62 received at 388608@bugs.debian.org (full text, mbox):

From: Holger Levsen <holger@layer-acht.org>
To: 388608@bugs.debian.org, control@bugs.debian.org, 606541-submitter@bugs.debian.org
Subject: garbage cleanup
Date: Fri, 10 Dec 2010 11:32:06 +0100
forcemerge #388608 #606541 #606543 #606544 #606545 #606547 #606548 #606549 #606551 #606552 #606553 #606554 #606555 #606560 
#606561 #606562 #606563 #606566 #606567 #606568 #606569 #606570 #606571 #606572 #606573 #606580 #606581 #606582 #606583 
#606584 #606585 #606586 #606587
reassign #388608 logrotate
version #388608 3.7.1-5
thanks

Hi,

very funny. not. 

Mass bug filings should be coordinated on -devel@ and not filed because one thinks so.

Also, this is a bug which has to be dealt with in logrotate and which has been dealt there already.

Not helpful.


cheers,
	Holger

Information forwarded to debian-bugs-dist@lists.debian.org, Paul Martin <pm@debian.org>:
Bug#388608; Package logrotate. (Fri, 10 Dec 2010 11:00:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Holger Levsen <holger@layer-acht.org>:
Extra info received and forwarded to list. Copy sent to Paul Martin <pm@debian.org>. (Fri, 10 Dec 2010 11:00:04 GMT) Full text and rfc822 format available.

Message #67 received at 388608@bugs.debian.org (full text, mbox):

From: Holger Levsen <holger@layer-acht.org>
To: 388608@bugs.debian.org, control@bugs.debian.org, 606541-submitter@bugs.debian.org
Subject: garbage cleanup, waste of time, 2nd try
Date: Fri, 10 Dec 2010 11:56:22 +0100
reassign #388608 logrotate 
reassign #606541 logrotate 
reassign #606543 logrotate 
reassign #606544 logrotate 
reassign #606545 logrotate 
reassign #606547 logrotate 
reassign #606548 logrotate 
reassign #606549 logrotate 
reassign #606551 logrotate 
reassign #606552 logrotate 
reassign #606553 logrotate 
reassign #606554 logrotate 
reassign #606555 logrotate 
reassign #606560 logrotate 
reassign #606561 logrotate 
reassign #606562 logrotate 
reassign #606563 logrotate 
reassign #606566 logrotate 
reassign #606567 logrotate 
reassign #606568 logrotate 
reassign #606569 logrotate 
reassign #606570 logrotate 
reassign #606571 logrotate 
reassign #606572 logrotate 
reassign #606573 logrotate 
reassign #606580 logrotate 
reassign #606581 logrotate 
reassign #606582 logrotate 
reassign #606583 logrotate 
reassign #606584 logrotate 
reassign #606585 logrotate 
reassign #606586 logrotate 
reassign #606587 logrotate 
version #388608 3.7.1.5
version #606541 3.7.1.5
version #606543 3.7.1.5
version #606544 3.7.1.5
version #606545 3.7.1.5
version #606547 3.7.1.5
version #606548 3.7.1.5
version #606549 3.7.1.5
version #606551 3.7.1.5
version #606552 3.7.1.5
version #606553 3.7.1.5
version #606554 3.7.1.5
version #606555 3.7.1.5
version #606560 3.7.1.5
version #606561 3.7.1.5
version #606562 3.7.1.5
version #606563 3.7.1.5
version #606566 3.7.1.5
version #606567 3.7.1.5
version #606568 3.7.1.5
version #606569 3.7.1.5
version #606570 3.7.1.5
version #606571 3.7.1.5
version #606572 3.7.1.5
version #606573 3.7.1.5
version #606580 3.7.1.5
version #606581 3.7.1.5
version #606582 3.7.1.5
version #606583 3.7.1.5
version #606584 3.7.1.5
version #606585 3.7.1.5
version #606586 3.7.1.5
version #606587 3.7.1.5
forcemerge #388608 #606541 #606543 #606544 #606545 #606547 #606548 #606549
forcemerge #388608 #606551 #606552 #606553 #606554 #606555 #606560 #606561
forcemerge  #388608 #606563 #606566 #606567 #606568 #606569 #606570 #606571
forcemerge  #388608 #606573 #606580 #606581 #606582 #606583 #606584 #606585
forcemerge  #388608 #606587  #606562 #606572 #606586
thanks

Hi,

very funny. not. 

Mass bug filings should be coordinated on -devel@ and not filed because one 
thinks so.

Also, this is a bug which has to be dealt with in logrotate and which has been 
dealt there already.

Not helpful.


cheers,
	Holger

Forcibly Merged 388608 606600. Request was from Michal Čihař <nijel@debian.org> to control@bugs.debian.org. (Fri, 10 Dec 2010 11:09:04 GMT) Full text and rfc822 format available.

Bug Marked as found in versions 3.7.1.5. Request was from Michal Čihař <nijel@debian.org> to control@bugs.debian.org. (Fri, 10 Dec 2010 11:09:10 GMT) Full text and rfc822 format available.

Forcibly Merged 388608 606600. Request was from Michal Čihař <nijel@debian.org> to control@bugs.debian.org. (Fri, 10 Dec 2010 11:09:10 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Paul Martin <pm@debian.org>:
Bug#388608; Package logrotate. (Fri, 10 Dec 2010 11:12:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Holger Levsen <holger@layer-acht.org>:
Extra info received and forwarded to list. Copy sent to Paul Martin <pm@debian.org>. (Fri, 10 Dec 2010 11:12:03 GMT) Full text and rfc822 format available.

Message #78 received at 388608@bugs.debian.org (full text, mbox):

From: Holger Levsen <holger@layer-acht.org>
To: 388608@bugs.debian.org, control@bugs.debian.org, 606541-submitter@bugs.debian.org
Subject: plus all the maintainers wasting their time looking at their package
Date: Fri, 10 Dec 2010 12:09:34 +0100
forcemerge #388608 #606541 #606543 #606544 #606545 #606547 #606548 #606549
forcemerge #388608 #606551 #606552 #606553 #606554 #606555 #606560 #606561
forcemerge  #388608 #606563 #606566 #606567 #606568 #606569 #606570 #606571
forcemerge  #388608 #606573 #606580 #606581 #606582 #606583 #606584 #606585
forcemerge  #388608 #606587  #606562 #606572 #606586
thanks

Hi,

very funny. not. 

Mass bug filings should be coordinated on -devel@ and not filed because one 
thinks so.

Also, this is a bug which has to be dealt with in logrotate and which has been 
dealt there already.

Not helpful.


cheers,
	Holger

Forcibly Merged 388608 606541 606543 606544 606545 606547 606548 606549 606600. Request was from Holger Levsen <holger@layer-acht.org> to control@bugs.debian.org. (Fri, 10 Dec 2010 11:12:07 GMT) Full text and rfc822 format available.

Forcibly Merged 388608 606541 606543 606544 606545 606547 606548 606549 606551 606552 606553 606554 606555 606560 606561 606600. Request was from Holger Levsen <holger@layer-acht.org> to control@bugs.debian.org. (Fri, 10 Dec 2010 11:12:13 GMT) Full text and rfc822 format available.

Forcibly Merged 388608 606541 606543 606544 606545 606547 606548 606549 606551 606552 606553 606554 606555 606560 606561 606563 606566 606567 606568 606569 606570 606571 606600. Request was from Holger Levsen <holger@layer-acht.org> to control@bugs.debian.org. (Fri, 10 Dec 2010 11:12:23 GMT) Full text and rfc822 format available.

Forcibly Merged 388608 606541 606543 606544 606545 606547 606548 606549 606551 606552 606553 606554 606555 606560 606561 606563 606566 606567 606568 606569 606570 606571 606573 606580 606581 606582 606583 606584 606585 606600. Request was from Holger Levsen <holger@layer-acht.org> to control@bugs.debian.org. (Fri, 10 Dec 2010 11:12:39 GMT) Full text and rfc822 format available.

Forcibly Merged 388608 606541 606543 606544 606545 606547 606548 606549 606551 606552 606553 606554 606555 606560 606561 606562 606563 606566 606567 606568 606569 606570 606571 606572 606573 606580 606581 606582 606583 606584 606585 606586 606587 606600. Request was from Holger Levsen <holger@layer-acht.org> to control@bugs.debian.org. (Fri, 10 Dec 2010 11:13:00 GMT) Full text and rfc822 format available.

Forcibly Merged 388608 606541 606543 606544 606545 606547 606548 606549 606551 606552 606553 606554 606555 606560 606561 606562 606563 606566 606567 606568 606569 606570 606571 606572 606573 606580 606581 606582 606583 606584 606585 606586 606587 606595 606596 606597 606598 606599 606600 606601 606602 606608 606609. Request was from Sven Joachim <svenjoac@gmx.de> to control@bugs.debian.org. (Fri, 10 Dec 2010 13:00:07 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 07 Sep 2011 07:33:05 GMT) Full text and rfc822 format available.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 15:14:50 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.