Simon

Asked: 2019-04-23 23:49:10 +0800 CST2019-04-23 23:49:10 +0800 CST 2019-04-23 23:49:10 +0800 CST

Logrotate and "insecure permissions": What can actually go wrong?

Logrotate complained to me this morning that it would not rotate some logs because their parent directory is writeable by someone else than root. The man page states I can make the error message go away by adding the "su" directive which makes logrotate drop root privileges when rotating that specific logfile. So far, so good.

What I wonder is (and the manpage is silent about it), how could a malicious user exploit logrotate if it would not take this precaution? As long as logrotate's configuration can only be altered by root (well, the configuration for logrotate that is triggered by cron and runs as root), an attacker cannot make logrotate touch arbitrary files, and I would assume logrotate does not touch symlinks?

Logrotate and "insecure permissions": What can actually go wrong?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Logrotate and "insecure permissions": What can actually go wrong?

0 Answers