oss-sec mailing list archives

Re: CVE Request -- logrotate -- nine issues

From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Wed, 23 Mar 2011 17:25:35 +0100

Ludwig Nussel wrote:

Josh Bressers wrote:

We then will need to assign IDs for various broken uses of /var/log (If
someone has a list of the currently known ones, please pass it along)


AFAICS on openSUSE Factory we have
cobbler


The cobbler daemon actually runs as root so having
/var/log/cobbler/* owned by the web service user is likely not only a
problem for logrote but also for cobbler itself when it opens files
there.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

Current thread:

Re: CVE Request -- logrotate -- nine issues, (continued)
- - - Re: CVE Request -- logrotate -- nine issues Jan Kaluža (Mar 07)
    - Re: CVE Request -- logrotate -- nine issues Paul Martin (Mar 07)
    - Re: CVE Request -- logrotate -- nine issues Josh Bressers (Mar 07)
    - Re: CVE Request -- logrotate -- nine issues Ludwig Nussel (Mar 07)
    - Re: CVE Request -- logrotate -- nine issues Josh Bressers (Mar 10)
    - Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl (Mar 10)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 10)
    - Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl (Mar 10)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 11)
    - Re: CVE Request -- logrotate -- nine issues Ludwig Nussel (Mar 11)
    - Re: CVE Request -- logrotate -- nine issues Ludwig Nussel (Mar 23)
  - Re: CVE Request -- logrotate -- nine issues Pavel Labushev (Mar 04)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 05)
    - Re: CVE Request -- logrotate -- nine issues Pavel Labushev (Mar 06)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 06)
    - Re: CVE Request -- logrotate -- nine issues Pavel Labushev (Mar 06)
- Re: CVE Request -- logrotate -- nine issues Josh Bressers (Mar 14)