
Re: logrotate: three questions



On Sun, Feb 15, 2004 at 12:20:26PM -0700, Monique Y. Herman wrote:
> On 2004-02-15, Joey Hess penned:
> > That would be a violation of debian policy, and is not the case on any
> > of my systems.
> >
> > -rwxr-xr-x    1 root     root          33K Oct  9  2002
> > /usr/sbin/logrotate*
> 
> Well, Bastille locked those permissions down for me.

Oh, God, why on earth?

> The question is, was Bastille being overly paranoid, or can logrotate
> be exploited when it's world-executable?

No executable that isn't set-user-id or set-group-id can ever let you do
anything you couldn't do yourself anyway. This is why Debian policy says
that non-set-id executables shouldn't have restrictive permissions.

I'd file a bug with the Bastille people.

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
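
The distinction drawn in the message above, as an added example that is not part of the original thread: a small audit that separates set-id files (where the mode bits matter for privilege) from plain executables that merely had world-execute removed. The file names and the 0700 lock-down mode are constructed assumptions; the thread does not say which mode Bastille set.

```shell
#!/bin/sh
# Added example, not from the original thread. All paths are constructed samples.

# Files whose mode can change a caller's privileges: set-user-id or set-group-id.
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Owner-executable files that are NOT set-id and have world-execute removed.
# Restricting these does not take away anything a user could not already do.
list_locked_plain() {
    find "$1" -type f -perm -0100 ! -perm -4000 ! -perm -2000 \
        ! -perm -0001 -print | sort
}

# Build a constructed sample tree so the script runs offline.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    for f in logrotate-default logrotate-locked setid-helper; do
        printf '#!/bin/sh\n' > "$dir/$f"
    done
    chmod 0755 "$dir/logrotate-default"  # mode shown in the quoted ls output
    chmod 0700 "$dir/logrotate-locked"   # assumed lock-down mode (hypothetical)
    chmod 4755 "$dir/setid-helper"       # set-user-id: the case worth reviewing
    printf '%s\n' "$dir"
}

tree=$(make_sample_tree)
echo "set-id (review these):"
list_setid "$tree"
echo "restricted but not set-id:"
list_locked_plain "$tree"
rm -rf "$tree"
```

Pointing both functions at a real directory such as /usr/sbin gives the two lists for an installed system.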


