Package: logrotate
Version: 3.7-3
Tags: patch
Followup-For: Bug #279965

Hi,
I think this bug is quite serious, since the behaviour of executing postrotate scripts is different in Woody and Sarge. Usually, there are no other major issues with mounting /tmp noexec, except for dpkg, which can be circumvented by using APT and DPkg::Pre/Post-Invoke. There are many HowTos on the net explaining how to do this. Even the "Securing Debian" HowTo mentions this issue.

I know mounting /tmp noexec is not a major gain in security. But I think, since there are many worms out there simply relying on executing their payload via files in /tmp, why should we make their lives too easy? I don't see any rationale why this behaviour was changed in the first place. The scripts are trusted ones anyway...

IMHO, there are two ways to cope with this issue:

1) apply the patch attached to this message - it runs the scripts through an explicit shell

2) mention the changed behaviour at least in NEWS.Debian - this is necessary, because upgrading from Woody could break log rotation completely.

I won't raise the priority of this bug. But because of the upgrading issue, I think we should solve it in some way.

I prepared a package including the attached patch. It works fine for me. It can be found at

deb http://ele-et.de/debian/packages ./
deb-src http://ele-et.de/debian/packages ./

What do you think?
Regards, Philipp

-- Package-specific info:
Contents of /etc/logrotate.d
total 16
-rw-r--r-- 1 root root 137 Sep 23  2003 acpid
-rw-r--r-- 1 root root  79 Oct  3  2003 aptitude
-rw-r--r-- 1 root root 384 Dec 23  2003 base-config
-rw-r--r-- 1 root root  68 Dec  9  2003 scrollkeeper

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (990, 'unstable'), (100, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.11-5
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages logrotate depends on:
ii  anacron      2.3-11        a cron-like program that doesn't g
ii  base-passwd  3.5.9         Debian base system master password
ii  cron         3.0pl1-87     management of regular background p
ii  libc6        2.3.2.ds1-22  GNU C Library: Shared libraries an
ii  libpopt0     1.7-5         lib for parsing cmdline parameters

-- no debconf information
Attachment: 42-execlp-bin-sh.dpatch (application/shellscript)
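As an added example (not part of this report, the attached dpatch, or logrotate's own source) of the mechanism the patch name "execlp-bin-sh" points at: a script written into /tmp and exec'd directly is refused by the kernel with EACCES when /tmp is mounted noexec, while the same file handed to an explicit /bin/sh runs, because the shell is the executable and the file is only read. The directory, the script text and the function names below are constructed for the demonstration.

```c
/* Added example, not logrotate's code: exec'ing a script file that lives on a
 * noexec mount fails, handing the same file to /bin/sh works.  Directory,
 * script text and function names are constructed for this demonstration. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Write script_text to a fresh mode-0700 file under dir.  Returns a malloc'd
 * path, or NULL on failure.  0700 so a direct exec can only be refused by the
 * mount flags, not by the file mode. */
static char *write_script(const char *dir, const char *script_text)
{
    char *path = malloc(strlen(dir) + sizeof("/postrotate.XXXXXX"));
    if (!path) return NULL;
    sprintf(path, "%s/postrotate.XXXXXX", dir);
    int fd = mkstemp(path);
    if (fd < 0) { free(path); return NULL; }
    size_t len = strlen(script_text);
    if (write(fd, script_text, len) != (ssize_t)len || fchmod(fd, 0700) < 0) {
        close(fd); unlink(path); free(path); return NULL;
    }
    close(fd);
    return path;
}

/* fork/exec argv and return the child's exit status.  If exec itself fails,
 * the child sends its errno back over a close-on-exec pipe and we return -1
 * with errno set, so EACCES from a noexec mount is visible to the caller. */
static int run_child(char *const argv[])
{
    int pfd[2], status, err = 0;
    if (pipe(pfd) < 0) return -1;
    fcntl(pfd[1], F_SETFD, FD_CLOEXEC);      /* vanishes on successful exec */
    pid_t pid = fork();
    if (pid < 0) { close(pfd[0]); close(pfd[1]); return -1; }
    if (pid == 0) {
        close(pfd[0]);
        execv(argv[0], argv);
        err = errno;                          /* only reached if exec failed */
        if (write(pfd[1], &err, sizeof err) < 0) _exit(126);
        _exit(127);
    }
    close(pfd[1]);
    ssize_t n = read(pfd[0], &err, sizeof err);  /* 0 bytes == exec succeeded */
    close(pfd[0]);
    waitpid(pid, &status, 0);
    if (n == (ssize_t)sizeof err) { errno = err; return -1; }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Fragile form: the temp file is argv[0], so the kernel applies the mount's
 * noexec flag and execv fails with EACCES when dir is on a noexec /tmp. */
int run_script_direct(const char *dir, const char *script_text)
{
    char *path = write_script(dir, script_text);
    if (!path) return -1;
    char *argv[] = { path, NULL };
    int rc = run_child(argv), saved = errno;
    unlink(path); free(path);
    errno = saved;
    return rc;
}

/* Robust form: /bin/sh is the executable and the temp file is merely read,
 * which noexec never blocks.  This is the shape of running the script
 * "through an explicit shell" as the report proposes. */
int run_script_via_shell(const char *dir, const char *script_text)
{
    char *path = write_script(dir, script_text);
    if (!path) return -1;
    char *argv[] = { "/bin/sh", path, NULL };
    int rc = run_child(argv), saved = errno;
    unlink(path); free(path);
    errno = saved;
    return rc;
}

int main(void)
{
    const char *dir = getenv("TMPDIR") ? getenv("TMPDIR") : "/tmp";
    const char *script = "#!/bin/sh\nexit 7\n";   /* constructed postrotate body */
    int rc = run_script_direct(dir, script);
    if (rc < 0) printf("direct exec under %s failed: %s\n", dir, strerror(errno));
    else        printf("direct exec: exit %d\n", rc);
    printf("via /bin/sh: exit %d\n", run_script_via_shell(dir, script));
    return 0;
}
```

Run it once with /tmp mounted normally and once after `mount -o remount,noexec /tmp` (as root): the direct variant reports "Permission denied" on the noexec mount while the /bin/sh variant returns exit 7 both times, which is the whole difference between the two logrotate behaviours discussed above.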