'Re: [oss-security] CVE Request -- logrotate -- nine issues'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request -- logrotate -- nine issues
From:       Ludwig Nussel <ludwig.nussel () suse ! de>
Date:       2011-03-23 16:25:35
Message-ID: 201103231725.35626.ludwig.nussel () suse ! de
[Download RAW message or body]

Ludwig Nussel wrote:
> Josh Bressers wrote:
> > We then will need to assign IDs for various broken uses of /var/log (If
> > someone has a list of the currently known ones, please pass it along)
> 
> AFAICS on openSUSE Factory we have
> cobbler

The cobbler daemon actually runs as root so having
/var/log/cobbler/* owned by the web service user is likely not only a
problem for logrote but also for cobbler itself when it opens files
there.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic