Re: logrotate: three questions
On 2004-02-15, Joey Hess penned:
>
> Monique Y. Herman wrote:
>> 3) Permissions. The logrotate app is only executable by root on my
>> box. I'm trying to imagine the situation in which giving a normal
>> user access to logrotate would hurt anything, as long as logs have
>> appropriate permissions. Could the paranoid among us speak up and
>> educate me?
>
> That would be a violation of debian policy, and is not the case on any
> of my systems.
>
> -rwxr-xr-x 1 root root 33K Oct 9 2002
> /usr/sbin/logrotate*
>
Well, Bastille locked those permissions down for me. The question is,
was Bastille being overly paranoid, or can logrotate be exploited when
it's world-executable?
--
monique
Reply to: