The default configuration of logrotate on Debian GNU/Linux uses root
privileges to process files in directories that permit non-root write
access, which allows local users to conduct symlink and hard link attacks
by leveraging logrotate’s lack of support for untrusted directories, as
demonstrated by /var/log/postgresql/.
Author | Note |
---|---|
mdeslaur | looks like issue #9, adding RH bug upstream patch adds “su” option variable, and probably breaks backwards compatibility RH proposed patch for CVE-2011-1098 may fix it in a backwards-compatible way pretty much fixed by nofollow.patch and security-388608.patch in lucid+ |