
Re: privilege escalation and potential data loss in logrotate


On Saturday, 11 December 2010, Florian Zumbiehl wrote:
> I was up to, plus anyone on d-qa who read my mail there also could have
> pointed me in the right direction, so I won't take the blame for that.

I read your mail to debian-qa some weeks ago and I've read the bug report,
which stated that the bug in logrotate was fixed in squeeze and that there
was no issue in the default setup in lenny either:

"In the default setup, this, of course, shouldn't be a problem, since
logrotate is run with an effective group of root, and any member of that
group will usually have access to the log files anyway. When logrotate
is used by normal users, though, this could be a security problem." (from the 
initial mail to 388608, 3rd text paragraph)

And so I thought, so what?

