Re: logrotate: three questions

To: debian-user@lists.debian.org
Subject: Re: logrotate: three questions
From: "Monique Y. Herman" <spam@bounceswoosh.org>
Date: Sun, 15 Feb 2004 12:20:26 -0700
Message-id: <[🔎] slrnc2vhjq.brv.spam@home.bounceswoosh.org>
Mail-followup-to: debian-user@lists.debian.org
References: <[🔎] slrnc2v6qq.bdd.spam@home.bounceswoosh.org> <[🔎] 20040215190334.GD20492@kitenet.net>

On 2004-02-15, Joey Hess penned:
>
> Monique Y. Herman wrote:
>> 3) Permissions.  The logrotate app is only executable by root on my
>> box.  I'm trying to imagine the situation in which giving a normal
>> user access to logrotate would hurt anything, as long as logs have
>> appropriate permissions.  Could the paranoid among us speak up and
>> educate me?
>
> That would be a violation of debian policy, and is not the case on any
> of my systems.
>
> -rwxr-xr-x    1 root     root          33K Oct  9  2002
> /usr/sbin/logrotate*
>

Well, Bastille locked those permissions down for me.  The question is,
was Bastille being overly paranoid, or can logrotate be exploited when
it's world-executable?

-- 
monique

Reply to:

Follow-Ups:
- Re: logrotate: three questions
  - From: Colin Watson <cjwatson@debian.org>

References:
- logrotate: three questions
  - From: "Monique Y. Herman" <spam@bounceswoosh.org>
- Re: logrotate: three questions
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Re: Quasi-(un)deletion question
Next by Date: Re: cdparanoia & a song in negative space
Previous by thread: Re: logrotate: three questions
Next by thread: Re: logrotate: three questions
Index(es):
- Date
- Thread