On Sat, Oct 29, 2005 at 03:10:51AM +0200, TsT wrote:
> My proposed Fix:
>
> - if [[ $(wc -c < "$file") -lt $(tail -n 1 "$offsetfile") ]]; then
>
> + INODEOFFSET=$(head -n 1 < $offsetfile)
> + #INODEFILE=$(ls -id $file) ;# not run with symlink.
> + INODEFILE=$(find $file -follow -
Package: logcheck
Version: 1.2.41
Problem: Logcheck try to detect if log file have been rotate or not by file
size way.
Possible attack:
- current log file (sizeA)
- run logcheck, (logcheck/logtail put inode in offsetfile), offset=sizeA
- [attacker run attack 1]
- run logrotate
- [attacker run
2 matches
Mail list logo
